/var/log/messages
This section contains the latest news, announcements and thoughts from the MWR InfoSecurity team.
Full TextDemo: Adobe Reader Exploit on Vista and 7
Jan 14, 2010
In response to the recent vulnerability in Adobe Reader MWR InfoSecurity conducted some additional research in this area. We were able to confirm that the issue, otherwise referred to as Adobe Reader "media.newPlayer" vulnerability, is also exploitable on Vista and Windows 7 with ASLR and DEP enabled. This can be observed in the following flash demo: -
The research enabled an exploit to be crafted that works very reliably across multiple versions of Adobe Reader. Given these facts MWR InfoSecurity highly recommend that everyone running the software installs the appropriate patch for the issue using the adobe update software. In addition it is recommended that JavaScript support within Adobe Reader is also disabled.