Adobe Investigates Reader Security Flaw Report

By Brian Prince  |  Posted 2010-11-05 Print this article Print

Adobe Systems is investigating a report of a new vulnerability in Adobe Reader.

So far Adobe has not seen any attacks exploiting the vulnerability, though proof-of-concept code was posted publicly on the Full Disclosure mailing list earlier this week. The vulnerability can be exploited to trigger a denial of service. Arbitrary code execution could be possible, but has not been demonstrated.

Users of Adobe Reader 9.2 or later and 8.1.7 or later can leverage the JavaScript Blacklist Framework to prevent the issue by following instructions on the Adobe Product Security Incident Response Team blog linked to above. Adobe Acrobat is not affected by the issue.

Adobe issued a warning about the bug Thursday, the same day as it released a massive security update for Adobe Flash Player. The update plugged nearly 20 vulnerabilities, including one, CVE-2010-3654, that had been targeted by attackers. Before that

Adobe said it will continue to provide updates on the latest situation as necessary. |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel