New Adobe Reader, Acrobat Security Flaw Under Attack
Adobe Reader and Acrobat are vulnerable to a new security flaw being exploited in the wild. The bug could allow system takeovers.Adobe Systems is warning users about a new vulnerability being exploited in the wild. According to Adobe, the vulnerability can be exploited to "cause a crash and potentially allow an attacker to take control of the affected system." The bug exists in Adobe Reader 9.3.4 and earlier for Windows, Macintosh and Unix systems. It also exists in Adobe Acrobat versions 9.3.4 and earlier for Mac and Windows.
Adobe did not provide technical details on the vulnerability. However, an advisory by Secunia stated that the issue is caused by "a boundary error within the font parsing in CoolType.dll and can be exploited to cause a stack-based buffer overflow by ... tricking a user into opening a specially crafted PDF file."