Content

Adobe font vulnerability

What is it?
A vulnerability in Adobe Reader/Acrobat is being actively exploited as a zero-day that allows the the execution of arbitrary code when the user opens a PDF file containing an embedded font.
 
How does it work?
The vulnerability is caused by a boundary error within CoolType.dll when parsing fonts using the SING architecture, which allows specifying rare characters not included in standard character sets. During parsing of the “uniqueName” entry of a SING table, a classic stack-based buffer overflow may occur.

Should I be worried?
Yes, though a patch has been issued, the vulnerability is still being exploited to compromise systems.

How can I prevent it?
Patches were not issued until week 40. Users should, therefore, be cautious and only open trusted PDF files. There are no options in Adobe Reader/Acrobat to disable the affected functionality, nor is it possible to restrict access to CoolType.dll, as it is a core component.

Source: Carsten Eiram, chief security specialist, Secunia

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.