Adobe Flaw Heightens Risk of Encountering Malicious PDFs

From PC World: Security companies are warning of a new flaw in two Adobe Systems programs that could compromise a PC merely by opening a malicious PDF (Portable Document Format) file.

Hackers are exploiting the flaw in the wild, although attacks are not widespread yet, according to Symantec and the Shadowserver Foundation.

The flaw affects version 9 of Reader and Acrobat as well as earlier versions, according to Adobe's advisory. A buffer overflow condition can be triggered by opening a specially-crafted PDF, which gives the attackers control of the computer. Shadowserver wrote that the flaw could be exploited on systems running Microsoft's Windows XP SP3.

Adobe called the flaw "critical," it's most severe rating, and said it will release a patch for Reader 9 and Acrobat 9 by March 11. The company said patches for version 8 of Reader and Acrobat will follow, then finally for version 7 of Reader and Acrobat.

In the meantime, hackers will quickly try to use the flaw. PDF vulnerabilities are especially dangerous since the file format is widely used.

View: Article @ Source Site