Adobe zero-day flaw won't be fixed until March

A zero-day vulnerability in all versions of Adobe Reader and Acrobat will not have a fix until March, Adobe has warned.

A successful exploit of a buffer overflow flaw in the PDF reader code could cause the applications to crash, the software maker said in an advisory released last week. That could then allow a remote attacker to take control of an affected system.

Affected products include Adobe Reader 9 and

Shadowserver Foundation, a security research organization, reported on Thursday that the hole in Adobe Reader was being actively exploited in the wild, and that independent security researcher Matt Richard had performed an analysis of the exploit code.

According to Richard, malicious PDFs in the wild are exploiting a vulnerability in a non-JavaScript function call. Both Richard and Shadowserver researcher Steven Adair recommended disabling Javascript in Adobe Acrobat and Reader products until a fix is made available.

Talkback 0 comments

• Compliance and Risk Management Manager
• Sales Engineer/Sales Executive (Security System)
• Security Engineer
• China SOX Coordinator
• Security Analyst

TechGuides

Use shades of gray to enhance scale in Excel

Excel's palette is generous, but don't throw buckets of pigment all over your spreadsheets just because you can.

Read more »

Latest from Blog Central

Ultimate 2012 recovery site: the moon

Read more »

Cutting-edge technology from premium sponsors

What are
Eco-Products? »

View Featured
Eco-Products »

Brought to you by:

 

 

 

More Tech Showcases:

Hitachi Eco-Products

Juniper Networks