Friday, February 20, 2009

Buffer Overflow Issue In Adobe Reader And Acrobat - No Patch Available Yet

Adobe warns about a critical vulnerability in Adobe Reader 9 & Acrobat and earlier versions. The found vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. The issue is being exploited already.

There's no update released to patch the vulnerability yet. "Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow."

While waiting for the fix users should keep their antivirus programs up-to-date and avoid opening files from dubious sources.

Adobe's security advisory on the issue can be found here.

No comments: