Feeds

back to article Zero-day Adobe PDF peril goes click free

An unpatched flaw in Adobe Acrobat and Reader might be exploited without even needing to trick a surfer into opening a maliciously constructed file. Proof of concept demonstrations of this by security blogger Didier Stevens will increase pressure on Adobe to release a fix ahead of schedule. The exploit techniques demoed by …

COMMENTS

This topic is closed for new posts.
Silver badge
Thumb Down

Adobe security record is almost as bad as Oracles

I pretty much avoid installing any adobe software on my computers due to it mostly being bloated bug ridden borderline malware. Remember it was Adobe flaws that enabled the hackers to crack the fully patched Apple, LInux, Windows systems and win the contest awhile back. They dont say but I bet this security flaw doesn't affect the much faster, slimer alternative to Adobe Reader, FoxIt Reader (www.foxitsoftware.com). I highly recommend it.

0
0
Thumb Up

No worries

Easy way around that little problem, use Foxit to read your .pdf files. Thanks to El Reg's own Verity Stob for that tip!

0
0
Silver badge
Thumb Up

much better Adobe Reader alternative

I forgot also to mention Foxit Reader is free. http://www.foxitsoftware.com/downloads/

For the record I am not an shill but just a satisfied end user for years that long ago got tired of Adobes crapware.

0
0
Anonymous Coward

Foxit

Foxit PDF reader. Small, fast and free (especially of Adobe crapware)

0
0
Stop

Yet another reason to get rid of all the crappy 'shell integration'

I've been getting fed up with *every*damn*program's* insistence on installing some kind of ridiculous shell integration for years. I used to blame it on MS/Explorer but now I know MS is only partly at fault. This came to a head a few months ago when I needed to change the archive bit on a few thousand PDF files. Rather than going to the command line I stupidly tried to do it with Explorer. After selecting the PDF files I right clicked to access the context menu. And then I waited. And waited. Then I forgot what I was waiting for and clicked in some other window so I had to start over. This time I timed it and it took approximately 4 minutes before Explorer even displayed the context menu.

Why? Because various dumbasses have written numerous crappy Explorer extensions that install without your knowledge, and when you right click Explorer passes control to them so they can decide how to draw the context menu. When dumbasses write these things and forget that you may have thousands of files selected and/or those files may be tens or hundreds of megs in size, the delay becomes ridiculous.

Software developers, QUIT making installation of your crappy shell integration tools mandatory. Provide an option in setup as OpenOffice does so the user can decline.

0
0
Bronze badge
Gates Horns

windows only, right?

I take it that this vulnerability is, as usual, restricted to Windows? Is this correct, or can this attack be made on Macs or Linux machines? Does anyone know if Vista is as vulnerable as other versions of Windows?

0
0
Silver badge

Foxit

is not vulnerable to this exploit

http://forums.foxitsoftware.com/showthread.php?s=b1a534257745ea24b83f6ebffa96a05c&t=13598

Nor is it bloatware

0
0
Silver badge
Thumb Down

bah Adobe!

Non-Adobe pdf readers are generally smaller, much faster-loading and perfectly adequate for most uses.

And the whole of firefox on windows is how big? Thunderbird is how big? Your poxy document reader is how big?

0
0
Bronze badge
Gates Horns

RE: windows only, right?

I should think so. I don't know about other Linux desktops, but KDE's file-managers do their own PDF previewing with no help from Acrobat itself, so the trigger discussed in this article couldn't be pulled. And Mac OS has quite extensive PDF support built-in too, so I doubt it's susceptible either.

Of course, whatever the original vulnerability is (not just the additional Windows vulnerability that makes it more easy to trigger), that may exist on the other platforms -- but as usual, there'll probably be less that the miscreant can actually do to the system via the exploit on the non-Windows systems.

0
0
Anonymous Coward

0day

Hah. It's nice to see the 0-xday nomenclature back in action after so many years.

0day warez only bitch!

0
0
Anonymous Coward

Common Tasks

Presumably the risk is even greater, if Thumbnail View is all that is required, given XP's propensity to spontaneously alter Folder Views/Common Tasks. I don't recall if Vista does this specifically too, though I know the issue is not entirely fixed, if at all.

My experience of the issue is that if you add enough media files or change views in enough folders, Common Tasks change to reflect this even in unrelated folders, even perhaps in the majority of folders. So, if Thumbnail View is all that is required, Common Tasks needs to be turned off - i.e. Classic Folders selected (in Folder Options) - as simply warning against selecting Thumbnail View is not sufficient.

0
0
Gold badge
Happy

Re: Yet another reason to get rid of all the crappy 'shell integration'

If it's any consolation, Microsoft have completely and utterly and incompatibly totally re-written the rule book for shell extensions for each new release of Windows since 2K, so the developers who write shell extensions have really suffered to bring you this pain.

0
0
Stop

Yet again, Adobe

Doesn't "Adobe" mean 'house built out of mud'?

Install Adobe products and you get a house built out of cards!

Foxit FTW.

0
0
Gold badge

@Adrian Esdaile

No, I think "Adobe" refers to the construction material itself not what's built of it. So "Adobe house" is not a tautology.

So it's not the house, it's filthy crap that you can use to build a house which has been replaced with better materials by all but the most primitive.

Even more apt.

0
0
This topic is closed for new posts.