Technology content trusted in North America and globally since 1999
8,495 Reviews & Articles | 65,533 News Posts

Adobe PDF Zero-day Exploit - Now Without Clicking

Proof of concept demo puts pressure on Adobe

By Zac O'Vadka from Mar 5, 2009 @ 22:30 CST

The Register reports that the zero-day exploit in Adobe Reader and Acrobat has become even more dangerous.


Security blogger Didier Stevens has a proof of concept demonstration on his website showing how a maliciously contructed PDF can exploit a system without even clicking on it.

Adoble has said the official patch for this exploit won't be available until March 11th, but hopefully Stevens' demo will speed things up a bit.

The exploit techniques demoed by Stevens make use of the Windows Explorer Shell Extension installed with Adobe Reader. The feature creates a conduit between Adobe Reader and Windows Explorer and means that simply hovering the mouse cursor over a booby-trapped file, or selecting it, are enough to allow the bust out of potentially malicious code. Selecting a thumbnail view poses a similar risk.



Related Tags

PRICING: You can find products similar to this one for sale below.

USUnited States: Find other tech and computer products like this over at Amazon.com

UKUnited Kingdom: Find other tech and computer products like this over at Amazon.co.uk

AUAustralia: Find other tech and computer products like this over at Amazon.com.au

CACanada: Find other tech and computer products like this over at Amazon.ca

DEDeutschland: Finde andere Technik- und Computerprodukte wie dieses auf Amazon.de