PDF Vulnerability Now Exploitable With No Clicking

Posted by CmdrTaco on Thursday March 5, 2009 @01:48AM from the don't-not-click dept.

SkiifGeek writes "With Adobe's patch for the current PDF vulnerability still some time away, news has emerged of more techniques that are available to exploit the vulnerability, this time without needing the victim to actually open a malicious file. Instead, the methods make use of a Windows Explorer Shell Extension that is installed alongside Adobe Reader, and which will trigger the exploitable code when the file is interacted with in Windows Explorer. Methods have been demonstrated of successful exploitation with a single click, with thumbnail view, and with merely hovering the mouse cursor over the affected file. There are many ways that exploits targeting the JBIG2 vulnerability could be hidden inside a PDF file, and it seems that the reliability of detection for these varying methods is spotty, at best."

4 of 206 comments (clear)

Min score:

Reason:

Sort:

Re:So, don't use Adobe Reader by symes · 2009-03-05 02:03 · Score: 2, Funny

Sod it - I'm going back to plain text and ascii art.
Re: change it to meet your needs by Anonymous Coward · 2009-03-05 02:23 · Score: 1, Funny

Dearest Joey
I have finally managed to make it display knitting patterns, so I updated the master source on sourceforge.
All my love,
Granny
Hold on by rockbottoms · 2009-03-05 02:29 · Score: 2, Funny

My Adobe PDF is loading. I'll let you know if it's safe or not in about 5 minutes
Re:DONT CROSS THE STREAMS by Waffle+Iron · 2009-03-05 03:54 · Score: 2, Funny

You mean, even LaTeX is not safe against Viruses? What should we use then?
LaMbSkIn?