Critical Adobe Reader vuln under 'targeted' attack

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2009/10/08/adobe_reader_vuln_under_attack/

By Dan Goodin in San Francisco
The Register
8th October 2009 

Attackers once again are targeting an unpatched vulnerability in Adobe 
Reader that allows them to take complete control of a user's computer, 
the software maker warned.

Adobe said it planned to patch the critical security bug in Reader and 
Acrobat 9.1.3 for Windows, Mac and Unix on Tuesday, the date of the 
company's previously scheduled patch release for the PDF reader. 
According to Security Focus here, attackers can exploit the 
vulnerability by tricking a user into opening a booby-trapped PDF file.

"Successful exploits may allow the attacker to execute arbitrary code in 
the context of a user running the affected application," the security 
site warned. "Failed attempts will likely result in denial-of-service 
conditions."

The bug is presently being exploited in "limited targeted attacks," 
Security Focus added, without elaborating. Adobe said only that the 
attacks target Reader and Adobe running on Windows operating systems.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org