Tech content trusted by users in North America and around the world
6,410 Reviews & Articles | 42,716 News Posts
TRENDING NOW: 10TB SSDs are on their way thanks to Micron and Intel's new 3D NAND

Adobe PDF Zero-day Exploit - Now Without Clicking

Proof of concept demo puts pressure on Adobe

| Posted: Mar 6, 2009 4:30 am

The Register reports that the zero-day exploit in Adobe Reader and Acrobat has become even more dangerous.


Security blogger Didier Stevens has a proof of concept demonstration on his website showing how a maliciously contructed PDF can exploit a system without even clicking on it.



Adoble has said the official patch for this exploit won't be available until March 11th, but hopefully Stevens' demo will speed things up a bit.


The exploit techniques demoed by Stevens make use of the Windows Explorer Shell Extension installed with Adobe Reader. The feature creates a conduit between Adobe Reader and Windows Explorer and means that simply hovering the mouse cursor over a booby-trapped file, or selecting it, are enough to allow the bust out of potentially malicious code. Selecting a thumbnail view poses a similar risk.


Related Tags

Further Reading: Read and find more news at our news index page.

Do you get our news RSS feed? Get It!

Got an opinion on this news? Post a comment below!

Latest News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
Or Scroll Up Or Down