I try not to sound Adobe bashing, but the recent fix released by Adobe to address some "unknown" vulnerability had just opened up a bigger can of worms.
Read about it:
http://secunia.com/blog/76/
Basically, the fix to put in place for "something" from 9.3 to 9.3.1 of he Adobe Reader had introduced a TIFF library (which Adobe has control over the format). So, maybe we can say that 9.3.1 may be more vulnerable than 9.3 itself.
But, being said that, I would like to stress that 9.3 is currently very exploitable. Why so? There is a friendly metasploit library which targets basically almost all current version here:
http://packetstormsecurity.org/1003-exploits/adobe_libtiff.rb.txt
I am not saying you should give up using PDF and switch over to XPS, but at least use PDF with a cautious mind.
No comments:
Post a Comment