Follow Slashdot stories on Twitter


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Submission + - JBIG2Decode PDF Vulnerability Auto-Exploited (

SkiifGeek writes: "With Adobe's patch for the JBIG2Decode vulnerability due in a few days time, new methods to target the vulnerability have been discovered that make it far riskier than previously thought. Didier Stevens recently showed the world how it is possible to exploit the vulnerability without the user actually opening an affected file, now he has discovered a way that allows for completely automated exploitation that results in anything up to a Local System account without any user interaction at all and only relies upon basic Windows components and Acrobat Reader elements.

There are some mitigating factors that limit the overall risk of this new discovery, but it does also highlight that merely uninstalling the Reader will not protect you from exploitation and does raise the possibility that other tools will access the vulnerable components and thus be vectors for attack."

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

JBIG2Decode PDF Vulnerability Auto-Exploited

Comments Filter:

I just need enough to tide me over until I need more. -- Bill Hoest