JavaScript flaw exploit in Adobe Acrobat
Morshad Morshad published 24 Jun 2008, 20:39 in main - 401 views
ImageAdobe has updated its Reader and Acrobat products to shore up a major vulnerability that already is being exploited in the wild, the company said.

An Adobe advisory said the "critical" vulnerability, spotted in Reader and Acrobat 8.1.2 and earlier versions, is related to an unspecified JavaScript input validation issue. If exploited, the bug could permit remote code execution.

Andrew Storms, director of security operations at vendor nCircle, said on Tuesday that Adobe this year already has patched at least one other Acrobat flaw related to a JavaScript error.

"It would appear that Adobe has an epidemic with regard to JavaScript," he told SCMagazineUS.com in an email. "One begins to wonder just how many more are yet to be found. We may be witnessing an interesting twist. It appears that Microsoft Word might be on the track to be more secure, while Adobe Acrobat is going in the opposite direction."

He said the company released few details about this latest vulnerability, probably to ward off the potential for further exploits. Adobe said in its advisory that is has received reports of exploits appearing in the wild.

Jason Lam, a senior security analyst at a Canada-based financial institution and a handler for the SANS Internet Storm Center, warned of an uptick in compromised websites being used to distribute the exploit.

"This is likely to appear in a malware spreading website near you soon given the track record of the botnet operators," he wrote on the Storm Center's blog. "Suggest [you] update this one as soon as possible."

Adobe Reader and Acrobat versions 7.1.0 are not affected.

An Adobe spokesman said he was checking into the matter.
Tags: JavaScript, Adobe Acrobat, Microsoft Word
  • 7 Diggs
Prev Article: Dell Unveils Studio Notebook Line Next Article: Microsoft VP confirms Windows 7 ship in Jan 2010

    No Comments!

    It's quiet in here... can you hear the echo?

Login or register to add a comment

Create a new account or login to join in the conversation on NewXwin.net. You'll also be able to NewXwin.net stories to help promote things you like.

Random Technology News
Fav
Steve Jobs interviewed by Fortune
Shaon by Shaon in Apple News - 03/07/08 · 0 favs
Fav
Maxthon 2.0.4 Build 5707
Shakil by Shakil in Software News - 10/02/07 · 0 favs
Fav
Windows Live Messenger Released
Morshad by Morshad in Technology News - 06/20/06 · 0 favs
Fav
Arovax Shield 2.1.82 Beta
Shakil by Shakil in Software News - 01/27/07 · 0 favs
Fav
Microsoft mulls free Web-based business software
Shaon by Shaon in Technology News - 09/22/06 · 0 favs
Latest Technology News
Fav
Asus debuts S121 netbook with Windows 7 and 512GB SSD
Shaon by Shaon in Technology News - 31 minutes ago · 1 favs
Fav
Verizon picks Microsoft search over Google and Yahoo
Morshad by Morshad in Technology News - 41 minutes ago · 0 favs
Fav
Future of Macworld Expo up in the air
Shakil by Shakil in Apple News - 45 minutes ago · 0 favs
Fav
OpenOffice.org 3.0.1 RC1
Shaon by Shaon in Software News - 54 minutes ago · 1 favs
Fav
Auslogics Disk Defrag with Command Line
Asphodel Blanche by Asphodel Blanche in Software News - 01/07/09 · 1 favs
Popular Technology News
Fav
Auslogics Disk Defrag with Command Line
Asphodel Blanche by Asphodel Blanche in Software News - 01/07/09 · 1 favs
Fav
OpenOffice.org 3.0.1 RC1
Shaon by Shaon in Software News - 54 minutes ago · 1 favs
Fav
Future of Macworld Expo up in the air
Shakil by Shakil in Apple News - 45 minutes ago · 0 favs
Fav
Asus debuts S121 netbook with Windows 7 and 512GB SSD
Shaon by Shaon in Technology News - 31 minutes ago · 1 favs
Fav
Verizon picks Microsoft search over Google and Yahoo
Morshad by Morshad in Technology News - 41 minutes ago · 0 favs

Main Menu

News
Advanced Search
Subscribe to Newsletter

Advertisement

Subscribe to NewXwin.net

Add to Technorati Favorites

Join My Community at MyBloglog!

My BlogCatalog BlogRank

TwitterCounter for @Morshad



Featured Sites