TweakTown
Tech content trusted by users in North America and around the world
5,923 Reviews & Articles | 38,167 News Posts

Adobe PDF Zero-day Exploit - Now Without Clicking

Proof of concept demo puts pressure on Adobe

| Posted: Mar 6, 2009 4:30 am

The Register reports that the zero-day exploit in Adobe Reader and Acrobat has become even more dangerous.

 


Security blogger Didier Stevens has a proof of concept demonstration on his website showing how a maliciously contructed PDF can exploit a system without even clicking on it.

 

 

Adoble has said the official patch for this exploit won't be available until March 11th, but hopefully Stevens' demo will speed things up a bit.

 

The exploit techniques demoed by Stevens make use of the Windows Explorer Shell Extension installed with Adobe Reader. The feature creates a conduit between Adobe Reader and Windows Explorer and means that simply hovering the mouse cursor over a booby-trapped file, or selecting it, are enough to allow the bust out of potentially malicious code. Selecting a thumbnail view poses a similar risk.

 

Related Tags

Further Reading: Read and find more news at our news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases