Computer Help Community

Community

Cyber Tech Help Community

New Tutorials

PC Tutorials

New Downloads

More Downloads
PC Downloads

Member Testimonials

Open Member Quote   I came to this board a irritable and confused person, after becoming a member and spending time here I am now a calm and more organized person. CTH has offered me great tech support and gave me an example to follow. I just wanted the staff here to know that this site is practically a life changing experience. Thanks to all who participate and work at CTH. - Vercades  Close Member Quote
Member Testimonials
MY CYBER TECH HELP

LATEST TOPICS

Tech Help Community

Free Antivirus Scan

Free Virus Scan and a listing of the top 10 viruses in the wild - Free Antivirus Scan
Free Online Antivirus Scan

File Extension Database

Find what program a filetype belongs to in our searchable File Extension Database.
File Extension Database

Related Microsoft Links

Services
Cyber Tech Help Community

To the top of the page to top

 



Computing News | Researcher posts homemade patch for critical PDF bug

Latest News Latest News | News ArchiveNews Archive | Cyber Tech Help News RSS Feed!

Posted by: Tweaker
Date added: 21:00 Monday, 23rd February 2009 GMT
Source: Computer World News

A security researcher has published a home-brewed patch for a critical Adobe Reader vulnerability that hackers are exploiting in the wild using malicious PDF files, beating Adobe Systems Inc. to the punch by more than two weeks.

Lurene Grenier, a vulnerability researcher at intrusion-prevention vendor Sourcefire Inc., posted the patch Sunday with the caveats that it applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees.

"The patch is just a replacement .dll -- AcroRd32.dll to be precise," said Grenier in a post to the Sourcefire vulnerability research blog. The .dll, which weighs in at 19MB, replaces the existing file in the "C:Program FilesAdobeReader 9.0Reader" directory on Windows machines.

"No warranty expressed or implied, etc. etc.," concluded Grenier.

Although hackers have been exploiting the flaw in Adobe Reader since at least Feb. 12 -- the date that Symantec Corp. researchers first found the attack code in the wild -- Adobe said last week that it may not patch the problem until March 11.

In a security advisory the company issued last Thursday, Adobe confirmed that Versions 7, 8 and 9 of both Reader and Adobe Acrobat, an advanced PDF-creation application, contain the flaw. It plans to patch Versions 7 and 8 at an unspecified date after it fixes Version 9 next month.

 

Another way to protect against the current exploits is to disable JavaScript, numerous experts have recommended. Although the flaw is not in the JavaScript functionality of Reader or Acrobat, since the exploits employ JavaScript, turning it off stymies any current attack.

To disable JavaScript in Adobe Reader, Windows users should select "Preferences" from the Edit menu, then click on "JavaScript" in the ensuing list and uncheck the box marked "Enable Acrobat JavaScript." Mac users will find the preferences under the "Adobe Reader" menu.

 

Grenier's patch can be downloaded via a link from the Sourcefire site.

Tools:  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

 

Post a commentPost a comment

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!  Register to become a member!  Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

 

[ To the top of the page To top | Latest News Latest News | News Archive News Archive | Cyber Tech Help News RSS Feed! ]