Adobe Systems (Nasdaq: ADBE) yesterday reported that its Reader contains a vulnerability that would allow an attacker to remotely execute malicious code. A security flaw in the dominant document-sharing software could allow hackers to seize control of a computer system. Adobe Acrobat Reader is a program for viewing Portable Document Format (PDF) documents. Under special circumstances, if a malicious PDF file is opened using Adobe Reader, a stack buffer overflow could occur, resulting in the execution of arbitrary code.
Security firm iDefense Labs discovered the vulnerability in Adobe Acrobat Reader versions 5.0.9 and 5.0.10 for Unix. Security firm Secunia has rated the vulnerability "highly critical."
Michael Sutton, director of iDefense Labs' vulnerability research department, told TechNewsWorld that vulnerabilities in commonly used file formats, such as PDFs, increase the severity of the potential impact because they are widely traded, trusted document types.
"There aren't too many companies that would block PDFs at the firewall from coming into the organization because working with PDFs is a regular part of doing business," Sutton said. "To some extent, there's only so much you can block. If you block everything it sort of defeats the purpose of the Internet."