November 01, 2010
Update

Adobe font vulnerability

What is it?
A vulnerability in Adobe Reader/Acrobat is being actively exploited as a zero-day that allows the the execution of arbitrary code when the user opens a PDF file containing an embedded font.
 
How does it work?
The vulnerability is caused by a boundary error within CoolType.dll when parsing fonts using the SING architecture, which allows specifying rare characters not included in standard character sets. During parsing of the “uniqueName” entry of a SING table, a classic stack-based buffer overflow may occur.

Should I be worried?
Yes, though a patch has been issued, the vulnerability is still being exploited to compromise systems.

How can I prevent it?
Patches were not issued until week 40. Users should, therefore, be cautious and only open trusted PDF files. There are no options in Adobe Reader/Acrobat to disable the affected functionality, nor is it possible to restrict access to CoolType.dll, as it is a core component.

Source: Carsten Eiram, chief security specialist, Secunia
From the November 2010 Issue of SCMagazine »
Similar Articles
close

Next Article in Features

More in Features

Behind the scenes: Privacy and data-mining

Behind the scenes: Privacy and data-mining

With data-mining firms harvesting personal information from online activity, privacy advocates, if not yet consumers, are alarmed, reports James Hale.

The great divide: Reforming the CFAA

The great divide: Reforming the CFAA

Aaron Swartz's death inspired Rep. Zoe Lofgren to want to reform the federal anti-hacking law, but some security pros worry this would sterilize a potent enforcement weapon, reports Dan Kaplan.

Suspect everything: Advanced threats in the network

Suspect everything: Advanced threats in the network

Are there ways to catch sophisticated malware that hides in trusted processes and services? Deb Radcliff finds out.