Internet security firm Trend Micro has warned that the portable document format (PDF) files may lead to Trojan attacks if they are not opened with the updated Acrobat Reader. The firm also fears that Trojans may exploit an array indexing error in versions 9 and older, thereby opening your computer to a can of worms.
The buffer overflow vulnerability in versions 9.0.0 and older versions of Adobe Acrobat and Adobe Readers may cause the programs to crash, or may allow a remote user to execute malicious code on an affected system.
Several malware related such vulnerability in of the older Adobe Acrobat family of applications are have been identified as TROJ_PIDIEF.IN, TROJ_PIDIEF.IP, TROJ_PIDIEF.KO and TROJ_PIDIEF.JB.
Trend Micro's country manager (India and SAARC), Amit Nath said: â??For example, the Trojan TROJ_PIDIEF.IN takes advantage of Adobe Vulnerability CVE-2009-0658 - an array indexing error when processing a malformed JBIG2 stream within a PDF document. It could allow attackers to cause a vulnerable application to crash or execute arbitrary code by tricking a user into opening a specially-crafted PDF file.â?
The affected software includes Adobe Acrobat Pro 9.0.0 and earlier versions, Adobe Acrobat Pro Extended 9.0.0 and earlier versions, Adobe Acrobat Standard 9.0.0 and earlier versions and Adobe Reader 9.0.0 and earlier versions.
Nath said: â??Since Acrobat integrates seamlessly with popular web browsers, simply clicking on a seemingly-safe PDF file on a website may be enough to cause Acrobat to load PDF content on your computer.â?
Last week, Adobe has recommended users of Adobe Reader and Acrobat 9 to update to the latest versions Adobe Reader 9.1 and Acrobat 9.1. As per the latest available information, updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, are expected to be launched by Adobe by March 18. Adobe Reader 9.1 for UNIX is also likely to be made available by 25 March.