Adobe Reader or Acrobat: critical issue

**Wallalai** · 16-12-2009, 10:18 PM

Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe - Security Advisories: APSA09-07 - Security Advisory for Adobe Reader and Acrobat

**baldrick** · 17-12-2009, 04:07 AM

if you just want to read PDFs , uninstall adobe reader and install foxit.

**melvbot** · 17-12-2009, 04:36 AM

Foxit Software - Foxit Reader 3.0 for Windows

Thats for Windows. Most browser can either read PDF's or have a plugin to read them.

**Butterfly** · 17-12-2009, 07:38 AM

nice link, thanks

**Marmite the Dog** · 17-12-2009, 09:02 AM

I use Foxit. Not very impressed with it though. It seems sloooow or maybe it's just that my PC is bogged down as it is full of crap?

**thaibulge** · 22-12-2009, 07:22 AM

Originally Posted by baldrick

if you just want to read PDFs , uninstall adobe reader and install foxit.

Good call. I got fed up with my antivirus s/w reporting Adobe Reader issues.

**melvbot** · 01-04-2010, 01:28 PM

Ooops

Using FoxIt because you think it's safer than Adobe Reader? Think again.

Whenever we run a post about yet another security hole in Adobe Reader, commenters chime in with their support for Foxit's free alternative. If you've been sining its praises for security reasons, think again says security pro Didier Stevens.

Foxit, it turns out, has a rather major flaw right now. An attacker can piggyback and launch an executable within a PDF which Foxit will then run without any requesting confirmation from the user. Adobe Reader, on the other hand, throws up an alert window to ask whether the file should be allowed to run. "In this case, Foxit Reader is probably worse than Adobe Reader, because no warning gets displayed to prevent the launch action," says Stevens.

My desktop PDF viewer of choice -- Sumatra -- isn't affected by the exploit, nor is PDF-XChange and you can always play it safe by using the Google Docs web viewer.

And no, Stevens' exploit doesn't work on Linux or Mac. One crucial detail several commenters on his post seem to have missed is that he's calling cmd.exe, a file which you're not usually going to find on a non-Windows box...

**Butterfly** · 04-04-2010, 08:33 PM

Sumatra is quite nice too,

Thread: Adobe Reader or Acrobat: critical issue

Thread Tools

Display

Adobe Reader or Acrobat: critical issue

Thread Information

Users Browsing this Thread

Posting Permissions