Carsten Eiram, chief security specialist, Secunia
November 01, 2011
Threat of the month

Threat of the month: Adobe vulnerabilities

What is it?

A large number of vulnerabilities have been reported in Adobe Reader for all supported platforms. 

How does it work?

The vulnerabilities exist in various libraries and have different causes. One, for example, parses images embedded in PDF files. Another parses BMP images, where the image data is copied into the buffer based on the size of the image stream without performing any boundary checks. This may result in a heap-based buffer overflow, allowing execution of arbitrary code.

Should I be worried?

Adobe Reader X provides an extra layer of defense via the new sandbox feature, but since one of the reported vulnerabilities allows bypassing this feature, all users, regardless of version, should be cautious when opening PDF files.

How can I prevent it?

Adobe released updated versions (10.1.1, 9.4.6, and 8.3.1), which should be installed to address the vulnerabilities.

Source: Carsten Eiram, chief security specialist, Secunia



From the November 2011 Issue of SCMagazine »
Similar Articles
close

Next Article in Features

More in Features

Behind the scenes: Privacy and data-mining

Behind the scenes: Privacy and data-mining

With data-mining firms harvesting personal information from online activity, privacy advocates, if not yet consumers, are alarmed, reports James Hale.

The great divide: Reforming the CFAA

The great divide: Reforming the CFAA

Aaron Swartz's death inspired Rep. Zoe Lofgren to want to reform the federal anti-hacking law, but some security pros worry this would sterilize a potent enforcement weapon, reports Dan Kaplan.

Suspect everything: Advanced threats in the network

Suspect everything: Advanced threats in the network

Are there ways to catch sophisticated malware that hides in trusted processes and services? Deb Radcliff finds out.