The Register reports that the zero-day exploit in Adobe Reader and Acrobat has become even more dangerous.
Security blogger Didier Stevens has a proof of concept demonstration on his website showing how a maliciously constructed PDF can exploit a system without even clicking on it.
Adobe has said the official patch for this exploit won't be available until March 11th, but hopefully Stevens' demo will speed things up a bit.
The exploit techniques demoed by Stevens make use of the Windows Explorer Shell Extension installed with Adobe Reader. The feature creates a conduit between Adobe Reader and Windows Explorer and means that simply hovering the mouse cursor over a booby-trapped file, or selecting it, are enough to allow the bust out of potentially malicious code. Selecting a thumbnail view poses a similar risk.
- >> NEXT STORY: Thousands Wait In Line for Resident Evil 5
- << PREVIOUS STORY: Thursday Evening Roundup for March 5, 2009