By Stevie Smith Sep 24, 2007, 13:49 GMT
UK security researcher ‘Petko Petkov,’ who recently uncovered zero-day flaws in Apple’s QuickTime media player and also Microsoft’s Windows Media Player, has now shone the spotlight of concern on a new severe vulnerability in Adobe Inc.’s PDF file system.
epa00793127 PC systems facing potential zero-day vulnerability via newly discovered Adobe PDF expoit. EPA/IBM/HO
According to Petko Petkov, the newly discovered PDF zero-day flaw can potentially be exploited in order for hackers to gain control of PC hardware running on Microsoft Windows XP operating systems, reports PC World.
"Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box," outlined the penetration tester on his blog at the tail end of last week, adding that all that is required to fall foul of the vulnerability "is to open a PDF document or stumble across a page, which embeds one."
While Petko Petkov has not yet offered any cast-iron evidence (proof-of-concepts) to confirm his PDF expoit – something he certainly does usually, and did with the QuickTime and Windows Media Player vulnerabilities – Internet security expert Symantec has placed enough stock in previous confirmations to support the security researcher’s alarm.
"Although these claims are currently unverifiable, this researcher has identified several vulnerabilities in the past and is likely credible regarding these findings," commented California-based Symantec Corporation.
By way of a temporary solution prior to an official patch fix being published by Adobe, Petko Petkov offers that users should avoid opening any and all PDF files, both locally and remotely. He also offers that the vulnerability has been located in Adobe’s Acrobat Reader 8.1, and is open to exploitation through the SP2 edition of Windows XP.
Your Talkback on this Story