Computer Security Research - McAfee Avert Labs Blog

Microsoft Patches… Wait for it… a PDF-Related Flaw

Wednesday February 14, 2007 at 4:25 pm CST
Posted by Karthik Raman

In a previous blog post I warned that we should be increasingly cautious with PDFs because more and more PDF-related flaws are being released. Security experts at RSA 2007 echoed last week that corporate threats seem to be “moving to Adobe”.

Today is Microsoft’s February Patch Tuesday. Microsoft issued six critical-rated and six important-rated patches. And one of the critical flaws being addressed by those patches – you guessed it – relates to PDFs. The MS07-010 bulletin states that a specially crafted PDF file could trigger an integer overflow in the Microsoft Malware Protection Engine. This would allow remote code execution; in one attack vector, no user interaction is required for exploitation. More information about this flaw can be found on the McAfee Threat Center site.

Do we have another PDF-flaw trend fitter or what?

This entry was posted on Wednesday, February 14th, 2007 at 4:25 pm and is filed under Security Bulletins, Vulnerability Research. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Microsoft Patches… Wait for it… a PDF-Related Flaw”

Chris Mosby at myITforum.com : McAfee Avert Labs Blog - Microsoft Patches… Wait for it… a PDF-Related Flaw Says:
February 15th, 2007 at 5:58 am
[…] Trackback […]

Microsoft Patches… Wait for it… a PDF-Related Flaw

One Response to “Microsoft Patches… Wait for it… a PDF-Related Flaw”

Leave a Reply

Archives

Categories