Tech Shout!

A flaw had been found in the Adobe Reader program, which attackers can use to compromise a system. It seems that an attack can be established only be opening a manipulated PDF document. The bug was first discovered by security researcher Petko Petkov, who does not give any further details.

If the name Petkov sounds familiar, then you aren’t wrong, as this is the same person who in the past has issued details on a number of flaws in products such as Firefox with a QuickTime plug-in, the Second Life client, and the Firebug JavaScript debugger, which were confirmed by the respective developers and eventually fixed.

Coming back to Adobe Reader PDF hole, Petkov’s has written comments on his blog entry, however, added a video showing that the Windows calculator starts when a PDF document is opened. According to Petkov, Adobe has already seconded the existence of the vulnerability.

Petkov maintains that the safest thing that users can do is try and avoid the opening of untrusted PDF files until an update has been released. Apart from Adobe Reader 7.0, 8.0, and 8.1 running on Windows XP with service pack 2 and Internet Explorer 7, alternative PDF readers such as FoxIt are also reportedly affected and therefore do not comprise workarounds. Apparently the flaw does not affect Windows Vista.

For sure, Petkov’s past records in detecting vulnerabilities gives reasons enough to trust the man and therefore one should try and be careful whilst PDF files from unknown sources.