Search This Blog

Wednesday, March 17, 2010

The more you patch, the more you (are suppose to fix)...

I try not to sound Adobe bashing, but the recent fix released by Adobe to address some "unknown" vulnerability had just opened up a bigger can of worms.

Read about it:
http://secunia.com/blog/76/

Basically, the fix to put in place for "something" from 9.3 to 9.3.1 of he Adobe Reader had introduced a TIFF library (which Adobe has control over the format). So, maybe we can say that 9.3.1 may be more vulnerable than 9.3 itself.

But, being said that, I would like to stress that 9.3 is currently very exploitable. Why so? There is a friendly metasploit library which targets basically almost all current version here:
http://packetstormsecurity.org/1003-exploits/adobe_libtiff.rb.txt

I am not saying you should give up using PDF and switch over to XPS, but at least use PDF with a cautious mind.

No comments:

Amazon Gift Cards!

Thanks for viewing!

Copyright © 2008 nemesisv.blogspot.com, All rights reserved.