What is it?
A vulnerability in Adobe Reader/Acrobat is being actively exploited as a zero-day that allows the the execution of arbitrary code when the user opens a PDF file containing an embedded font.
How does it work?
The vulnerability is caused by a boundary error within CoolType.dll when parsing fonts using the SING architecture, which allows specifying rare characters not included in standard character sets. During parsing of the “uniqueName” entry of a SING table, a classic stack-based buffer overflow may occur.
Should I be worried?
Yes, though a patch has been issued, the vulnerability is still being exploited to compromise systems.
How can I prevent it?
Patches were not issued until week 40. Users should, therefore, be cautious and only open trusted PDF files. There are no options in Adobe Reader/Acrobat to disable the affected functionality, nor is it possible to restrict access to CoolType.dll, as it is a core component.
Source: Carsten Eiram, chief security specialist, Secunia
A vulnerability in Adobe Reader/Acrobat is being actively exploited as a zero-day that allows the the execution of arbitrary code when the user opens a PDF file containing an embedded font.
How does it work?
The vulnerability is caused by a boundary error within CoolType.dll when parsing fonts using the SING architecture, which allows specifying rare characters not included in standard character sets. During parsing of the “uniqueName” entry of a SING table, a classic stack-based buffer overflow may occur.
Should I be worried?
Yes, though a patch has been issued, the vulnerability is still being exploited to compromise systems.
How can I prevent it?
Patches were not issued until week 40. Users should, therefore, be cautious and only open trusted PDF files. There are no options in Adobe Reader/Acrobat to disable the affected functionality, nor is it possible to restrict access to CoolType.dll, as it is a core component.
Source: Carsten Eiram, chief security specialist, Secunia
