A vulnerability has been discovered in Adobe System's
Acrobat Reader by the programmer who discovered azero-day flawin Apple's QuickTime two
weeks ago and a critical bug in Microsoft's Windows Media Player
last week. "The issues were verified on Windows XP SP2 with the
latest Adobe Reader 8.1, although previous versions are also
affected," Petko Petkov wrote on his blog. He advises caution
opening PDFs until the vulnerability is patched.
In the QuickTime and Windows Media Player cases, Petkov posted
proof-of-concept exploit code. But not this time. He explained why
he refused to publish code to prove that the PDF vulnerability is
real: "The issue is quite critical given the fact that PDF
documents are in the core of today's modern business," Petkov
wrote. "This and the fact that it may take a while for Adobe to fix
their closed source product are the reasons why I am not going to
publish any POCs [proof-of-concepts]. You have to take my word for
it. The POCs will be released when an update is available."