News Stay informed about the latest enterprise technology news and product updates.

Adobe Reader zero day vulnerability on the loose

Stack buffer overflow allows attackers to run malicious code; Adobe reader vulnerability classified as severe.

A new critical vulnerability has been discovered in Adobe Reader. This vulnerability could crash Adobe Reader due to a stack buffer overflow bug, which potentially allows an attacker to run malicious code on the user's computer. This critical Adobe Reader vulnerability is reported to be widely exploited, and has been added to MetaSploit. 

All 9.3.4 and earlier versions of Adobe Reader are affected by this vulnerability (including Windows, Macintosh and Unix versions). The Adobe Reader vulnerability (CVE-2010-2883) relies on a buffer boundary checking issue in the font parsing code in the cooltype.dll file. Adobe is currently evaluating the schedule for an update.

Affected software versions are:

  • Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX
  • Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh

Adobe’s security advisory suggests that users of Adobe Reader or Acrobat 9.3.4 (or earlier) on Windows can utilize Microsoft's Enhanced Mitigation Evaluation Toolkit (EMET) to help prevent this vulnerability from being exploited. More information on EMET and implementation of this mitigation can be found on the Microsoft Security Research and Defense blog. Due to the time-sensitive nature of this issue, Adobe also recommends that users test this mitigation in their environment to minimize any impact on workflows.

According to Carl Leonard, Sr Manager, Websense Security Labs, “This threat is an example of how an email can use social engineering to encourage users to open an attached file. The optimum way to mitigate the threat from propagating in and around your corporate network is to prevent the email from reaching the network in the first place. This can be achieved by using a Security as a Service (SaaS) solution that combines knowledge of email, web and file-based attack vectors.”

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

  • Passive Python Network Mapping

    In this excerpt from chapter two of Passive Python Network Mapping, author Chet Hosmer discusses securing your devices against ...

  • Protecting Patient Information

    In this excerpt from chapter two of Protecting Patient Information, author Paul Cerrato discusses the consequences of data ...

  • Mobile Security and Privacy

    In this excerpt from chapter 11 of Mobile Security and Privacy, authors Raymond Choo and Man Ho Au discuss privacy and anonymity ...

SearchNetworking

SearchDataCenter

SearchDataManagement

Close