Difference between revisions of "Adobe PDF Reader and Acrobat Zero-Day Exploit 9.2"
| Line 30: | Line 30: | ||
You can read more here:<br> | You can read more here:<br> | ||
* Adobe's [http://www.adobe.com/support/security/advisories/apsa09-07.html Security bulletin] | * Adobe's [http://www.adobe.com/support/security/advisories/apsa09-07.html Security bulletin] | ||
| − | * | + | * [http://blogs.zdnet.com/security/?p=5119&tag=nl.e539 ZDNet Article] |
| − | * | + | * [http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214 Shadow Server Blog] |
<br> | <br> | ||
About [http://en.wikipedia.org/wiki/Zero_day_attack Zero-day attack]: "A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software vendor, or for which no security fix is available." | About [http://en.wikipedia.org/wiki/Zero_day_attack Zero-day attack]: "A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software vendor, or for which no security fix is available." | ||
Revision as of 17:39, 16 December 2009
This is an exploit that affects Adobe PDF Reader and Acrobat. It is very serious and has not been addressed by Adobe.
|
This is how Adobe's site explains the problem: |
Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available. |
|
How to close this vulnerability: |
|
Adobe will not release a fix until January 12, 2010.
You can read more here:
About Zero-day attack: "A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software vendor, or for which no security fix is available."
