Application security, Malware, Phishing, Vulnerability Management

Adobe grapples with new Reader, Acrobat zero-day

Adobe on Wednesday confirmed a dangerous vulnerability affecting the latest versions of Reader and Acrobat.

The unpatched flaw, which is being leveraged in active attacks, could be targeted to crash a user's machine or take complete control of it, according to an advisory. The bug affects Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX and Acrobat 9.3.4 and earlier versions for Windows and Mac.

The issue first was reported Tuesday by researcher Mila Parkour, who runs the Contagio Malware Dump blog. She discovered the flaw through a phishing email that contained a malicious PDF attachment, Parkour wrote.

The subject of the bogus message read "David Leadbetter's One Point Lesson," and the body tried to convince recipients into opening the malicious PDF to receive tips from the well-known golf instructor.

Writing on the SANS Internet Storm Center blog on Wednesday, incident handler John Bambenek said a number of anti-virus products have caught the exploit because the PDF looks suspicious. And if does get through to inboxes, users should be able to act before their machines get infected, he said.

"The exploit in the wild I'm aware of causes a crash in Acrobat/Reader and then tries to open a decoy file," Bambenek wrote. "So the good news is that, as of right now, it's a 'loud exploit.'"

Vulnerability tracking firm Secunia on Wednesday graded the flaw "extremely critical" — its most severe rating —  and said it is "caused due to a boundary error within the font parsing of CoolType.dll and can be exploited to cause a stack-based buffer overflow."

CoolType.dll is a component of Adobe CoolType, a font-rendering technology.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.