Slashdot Mirror

← Back to Stories (view on slashdot.org)

No JavaScript Needed For New Adobe Exploits

Posted by CmdrTaco on from the this-will-end-badly dept.

bl8n8r writes "More woes for Adobe as a security firm creates a proof-of-concept attack that injects malicious code as part of the update process. The user only needs to click a dialog box to execute the code and no JavaScript is needed to launch the exploit. The exploit affects Foxit as well as Adobe Acrobat software. This exploit is made possible through the host software allowing execution of system binaries. Not clear if it's multi-platform, but seems plausible."

2 of 187 comments (clear)

  1. Dupe Dupe by Nerdfest · · Score: 5, Informative

    I believe this exploit has already been patched in FoxIT, assuming this is the same exploit descibed here on SlashDot 2 weeks ago. Strangely, I haven't seen an update from Adobe ...

  2. Not really an exploit... by Skuld-Chan · · Score: 5, Informative

    This feature is in the PDF specification, and in fact in the youtube video you'll notice that the trust manager warning is pretty severe "only do this if you trust the PDF" sort of thing.

    To me its akin to downloading an EXE from a website with a browser and clicking the open button...