ID: IRCNE2013041832
Date: 2013-04-30
According to "computerworld", McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened.
The issue is not a serious problem and does not allow for remote code execution, wrote McAfee's Haifei Li in a blog post. But McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2, Li wrote.
"Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, Internet service provider or even the victim's computing routine," Li wrote. "In addition, our analysis suggests that more information could be collected by calling various PDF JavaScript APIs."
Li suggests the problem could be used for reconnaissance by attackers.
McAfee suggests that Adobe Reader users disable JavaScript until a patch is released. Adobe officials could not be immediately reached for comment.
- 3