Malware spectre haunts Adobe Reader

["Richard M. Smith" <rms () computerbytesman com>]

I wonder why it took so long for someone to take a close look at Adobe
Reader and PDF files for security flaws....
 
Richard
 
http://www.theregister.com/2007/09/21/pdf_peril/

Malware spectre haunts Adobe Reader


PDF peril

By John
<http://forms.theregister.co.uk/mail_author/?story_url=/2007/09/21/pdf_peril
/> Leyden → More by this
<http://search.theregister.com/?author=John%20Leyden> author
Published Friday 21st September 2007 15:58 GMT

Adobe Reader may be subject to a security hole that creates a means for
hackers to take over vulnerable Windows boxes simply by opening a
maliciously constructed PDF document.

Gray hat hacker Petko Petkov, who first discovered the bug, omits details of
the supposed flaw. He said
<http://www.gnucitizen.org/blog/0day-pdf-pwns-windows>  security concerns
over the potency of the flaw alongside concerns over the time it might take
for Adobe to come up with a fix have prompted him to hold back from
publishing proof of concept code.

By way of illustration, a video clip published by Petkov depicts how Windows
calculator starts when a PDF document is opened. The same approach might be
used to launch a malicious payload.

Petkov verified the bug on Windows XP SP2 with the latest Adobe Reader 8.1,
8.0 and 7. Previous versions - as well as other PDF viewers - might also be
affected. Windows Vista users, however, are projected against the attack,
according to Petkov.

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.