Feeds

Zero-day Adobe PDF peril goes click free

Thumbnail preview threat

Intelligent flash storage arrays

An unpatched flaw in Adobe Acrobat and Reader might be exploited without even needing to trick a surfer into opening a maliciously constructed file.

Proof of concept demonstrations of this by security blogger Didier Stevens will increase pressure on Adobe to release a fix ahead of schedule.

The exploit techniques demoed by Stevens make use of the Windows Explorer Shell Extension installed with Adobe Reader. The feature creates a conduit between Adobe Reader and Windows Explorer and means that simply hovering the mouse cursor over a booby-trapped file, or selecting it, are enough to allow the bust out of potentially malicious code. Selecting a thumbnail view poses a similar risk.

In all three scenarios the problem exists because simply reading a maliciously constructed document is enough to trigger code execution.

Stevens explains these approaches to hacking in much greater depth in a blog posting, featuring a video demo, here.

Adobe admitted the security patch last week but said an official patch wouldn't be available until 11 March. The delay is all the more serious because hackers are actively attacking the flaw, thus far using approaches that mean maliciously constructed files need to be actually opened. ®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.