A new software vulnerability affecting the latest versions of Adobe Acrobat and Reader has been identified, a security firm has said.
“Analysis shows that malicious PDF documents invoke a function call to ‘Doc.printSeps()’ to take advantage of the vulnerability. Proof of concept code plants shell code in memory using heap spraying to exploit the vulnerability,” WebSense said on its website.
Vupen Security claims it first identified the vulnerability and then passed its findings to Adobe. It said in a statement that people wishing to exploit the vulnerability could use it “to crash an affected application or compromise a vulnerable system by tricking a user into opening a specially crafted PDF file”.
Adobe has said users need to use the JavaScript Blacklist Framework, which allows “granular control over the execution of specific JavaScript APIs”. The company is set to release a patch this week.
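For triage while waiting on the patch, the following added example (not code from Adobe, WebSense or Vupen) flags PDF files that reference the `printSeps` call named above, searching both raw bytes and Flate-compressed streams. It assumes plain or zlib-compressed content only; other stream filters, object streams and obfuscated method names are out of scope, and the function names and sample input are constructed for illustration.

```python
import re
import zlib

# Method named in the WebSense quote, matched as a call site.
API_CALL = re.compile(rb"\bprintSeps\s*\(")
# Stream bodies between the PDF "stream" and "endstream" keywords.
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def inflate(data):
    """Return Flate-decoded bytes, or None when data is not zlib-compressed."""
    try:
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return None


def find_printseps(pdf_bytes):
    """Return (location, context) pairs for every printSeps( call found."""
    hits = []
    # Pass 1: uncompressed bytes, e.g. a literal /JS string or a plain stream.
    for m in API_CALL.finditer(pdf_bytes):
        hits.append(("raw", pdf_bytes[max(0, m.start() - 20):m.end()]))
    # Pass 2: the same search inside each stream that inflates cleanly.
    for index, stream in enumerate(STREAM.finditer(pdf_bytes)):
        body = inflate(stream.group(1))
        if body is None:
            continue
        for m in API_CALL.finditer(body):
            hits.append((f"stream#{index}", body[max(0, m.start() - 20):m.end()]))
    return hits


def build_sample(script, compress):
    """Constructed, minimal PDF-like input holding one stream object."""
    body = zlib.compress(script) if compress else script
    filt = b"/Filter /FlateDecode " if compress else b""
    head = b"%PDF-1.7\n1 0 obj\n<< " + filt + b"/Length %d >>\n" % len(body)
    return head + b"stream\n" + body + b"\nendstream\nendobj\n%%EOF\n"


if __name__ == "__main__":
    # Constructed script text: only the call name matters to the scanner.
    flagged = build_sample(b"var d = this; d.printSeps();\n" * 4, compress=True)
    clean = build_sample(b"app.alert('constructed');\n" * 4, compress=True)
    print(find_printseps(flagged))
    print(find_printseps(clean))
```

A hit means the file calls the API and deserves a closer look; it does not by itself show the file is malicious.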