Patch/Configuration Management, Vulnerability Management

New PDF exploit potential

As businesses await the Adobe Acrobat and Reader zero-day vulnerability patch (coming March 11), researcher Didier Stevens this week detailed a way to exploit the bug without users clicking on any malicious PDF document. Essentially, when a PDF is listed in Windows Explorer, a shell extension will read the document to provide more information, such as file size or type, thus executing code without any user interaction, Stevens said. — DK

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.