Originally published January 4, 2007 at 12:00 AM | Page modified January 4, 2007 at 1:01 PM
Adobe Reader flaw seen as major PC security problem
Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted Web links.
The Associated Press
SAN FRANCISCO (AP) — Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted Web links.
Virtually any Web site hosting Portable Document Format, or PDF, files are vulnerable to attack, according to researchers from Symantec Corp. and VeriSign Inc.'s iDefense Intelligence.
The attacks could range from stealing cookies that track a user's Web browsing history to the creation of harmful worms, the researchers said.
The flaw, first revealed at a hacker conference in Germany over the holidays, exists in a plug-in that enables Acrobat users to view PDF files within Web browsers.
By manipulating the Web links to those documents, hackers and online thieves are able to commandeer the Acrobat software and run malicious code when users attempt to open the files, according to Ken Dunham, director of the rapid response team at VeriSign's iDefense Intelligence.
Dunham gave this hypothetical scenario: an attacker finds a PDF file on a banking Web site. The attacker creates a hostile Web site that links to the bank's PDF file. Included is malicious JavaScript code that will run on the unsuspecting user's computer once the link is clicked.
"PDF is trusted and tried and true — everyone uses it," Dunham said. "But instead of just viewing the file, you've initiated script that shouldn't be executed. All you have to do is click on the PDF and the ball starts rolling."
Representatives from Adobe did not return a call from The Associated Press on Wednesday night.
The flaw appears to target Microsoft Corp.'s Internet Explorer 6.0 Web browser and earlier versions, and Mozilla's Firefox browser, the researchers said.
They recommended that users protect themselves by upgrading Internet Explorer or changing Firefox's user options so the browser does not use the Acrobat plug-in.
Researchers said it's unclear how pervasive or harmful any future attacks might be.
"Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved," a Symantec researcher said in a posting on a company Web log.
UPDATE - 09:46 AM
Exxon Mobil wins ruling in Alaska oil spill case
UPDATE - 09:32 AM
Bank stocks push indexes higher; oil prices dip
UPDATE - 08:04 AM
Ford CEO Mulally gets $56.5M in stock award
UPDATE - 07:54 AM
Underwater mortgages rise as home prices fall
NEW - 09:43 AM
Warner Bros. to offer movie rentals on Facebook
More Business & Technology headlines...
![]()

Entertainment | Top Video | World | Offbeat Video | Sci-Tech
general classifieds
Garage & estate salesFurniture & home furnishings
Electronics
just listed
***Stunning Akc POMERANIAN baby girl W/ FUL...
12 U Select Baseball Coach Wanted
1994 WIn 1901
More listings
POST A FREE LISTING
- Agency set to investigate handling of 911 call about Josh Powell
- Proposal to link Market, aquarium may be too ambitious for Seattle
- Chilling 911 tapes reveal pleas for help to go to Josh Powell home
- UW's Shawn Kemp Jr. makes own way despite familiar name, number | Steve Kelley
- State Medicaid program to stop paying for unneeded ER visits
- NBA's David Stern open to league returning to Seattle
- Lakewood cop accused of embezzling $150K meant for slain officers' families
- Prosecutor: Powell's final act ends doubt he killed wife
- Was idea of court-ordered test too much for Josh Powell?
- 3 big health insurers stockpile $2.4 billion as rates keep rising
- Gay-marriage bill passes House, awaits Gregoire's signature
426 - Historic day for gay marriage as another fight looming
343 - Sheriff's office unhappy with 911 dispatcher in caseworker's call
282 - 3 big health insurers stockpile $2.4 billion as rates keep rising
233 - Source: NY, California to sign mortgage settlement
195 - Pac-12 picks ... including the UW game
140 - Lakewood cop accused of taking donations for slain officers' families
108 - Department of Justice owes the Seattle Police Department an apology
85 - Thursday morning links --- and a video!!!
65 - Oregon live game thread
64
- State Medicaid program to stop paying for unneeded ER visits
- 3 big health insurers stockpile $2.4 billion as rates keep rising
- Here it is: The secret to stir-fried chicken | Taste
- Local aerospace suppliers say they feel squeezed by Boeing
- Dicks channeled federal money to Puget Sound project his son ran
- 'Gauguin and Polynesia': dazzling mix-and-match | Art review
- Buttoned Up: Nine immutable laws of time management
- Happy Hour: French-accented charm at Gainsbourg
- One man's audacious pursuit of sailing history
- Gay-marriage bill passes House, awaits Gregoire's signature
