Updated September 12 at 11:12 a.m. with comment from Adobe.
Certain URLs can cause Adobe Acrobat 9 to suffer a denial of service or crash, says a researcher.
According to an alert from the SecuriTeam mailing list, "a vulnerability in Adobe Acrobat 9 allows attackers to cause the program to crash by providing it with a malformed URL."
The alert cites a blog by researcher Jeremy Brown, who provides working exploit code. In one example, Brown uses the string "acroie:///DoS" to cause a DoS in Adobe Acrobat 9 running on Windows Vista.
A spokesperson for Adobe said Thursday night, "We are aware of and investigating this. Our initial findings are consistent with those reported by the researcher that this is a denial-of-service issue."
On Wednesday, researchers announced a flaw in how the Google Chrome browser behaves with undefined handlers. An exploit provided as a demonstration crashes the new browser.
In an article on the SecuriTeam site, Rishi Narang from Evilfingers says a crash can occur without user interaction. If a user is given a malicious link with an undefined handler followed by a special character, Chrome crashes.
In Google-speak, the browser displays a message "Whoa, Google Chrome has crashed. Restart now?"
Narang found the fault in chrome.dll version 0.2.149.27. More details can be found on this Evilfingers page.
And on Tuesday, mere hours after Chrome was released, researcher Aviv Raff concocted a proof-of-concept demo to show how the Google browser could be made vulnerable to a carpet-bombing flaw and thus open a window for ill-intentioned hackers.





