TweakTown
Tech content trusted by users in North America and around the world
5,671 Reviews & Articles | 36,049 News Posts

Adobe PDF Zero-day Exploit - Now Without Clicking

Proof of concept demo puts pressure on Adobe

| Posted: Mar 6, 2009 4:30 am

The Register reports that the zero-day exploit in Adobe Reader and Acrobat has become even more dangerous.

 


Security blogger Didier Stevens has a proof of concept demonstration on his website showing how a maliciously contructed PDF can exploit a system without even clicking on it.

 

 

Adoble has said the official patch for this exploit won't be available until March 11th, but hopefully Stevens' demo will speed things up a bit.

 

The exploit techniques demoed by Stevens make use of the Windows Explorer Shell Extension installed with Adobe Reader. The feature creates a conduit between Adobe Reader and Windows Explorer and means that simply hovering the mouse cursor over a booby-trapped file, or selecting it, are enough to allow the bust out of potentially malicious code. Selecting a thumbnail view poses a similar risk.

 

Related Tags

Further Reading: Read and find more news at our news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

Latest Downloads

View More Latest Downloads

TweakTown Web Poll

Question: Did EA kill the Battlefield franchise with the terrible BF4 issues?

Yes, Battlefield is doomed

No, Battlefield will live on strong

I'm not sure, but I know EA needs to improve its game

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
Get TweakTown updates via Facebook!
Just click the "Like" button below