Critical no-click Adobe vulnerability fixed, for some
What a great world we'd live in if legitimate businesses were as eager to save us trouble as toil as the malware guys are, right? A critical zero-day flaw in Adobe Reader and Acrobat can be used to attack a Windows machine without even opening the infected file -- the height of convenience indeed.
A buffer-overflow flaw is news to nobody familiar with Windows, but the service targeted, the Windows Indexing Service, may not be familiar to all. That service provides an index of files on the system -- it's how you can see the title and author and so forth for a PDF document in Windows Explorer, or how you view thumbnails if that's your Explorer preference.
The "/JBIG2Decode" exploit involves using a malformed version of that stream object, which Windows attempts to read as it does for all PDF files. Didier Stevens, a European security researcher, released video of a proof-of-concept attack last week that demonstrates the problem as seen through the OllyDbg debugger.
Yes, Adobe knows, warning the populace on February 19 and releasing the first patch, for Adobe 9 (Reader and Acrobat) users, today, numbered 9.1. Patches for those still using versions 7 and 8 of Reader and Acrobat, as well as a 9.1 version for Unix, should be available within a week.