Free Republic

FireEye Labs has identified a new Windows local privilege escalation vulnerability in the wild. The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP. This local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability. The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit. Post exploitation, the...

Note: The following text is a quote: New Attack Vectors for Adobe JBIG2 Vulnerability added March 10, 2009 at 04:52 pm US-CERT is aware of public reports of two new attack vectors for a vulnerability affecting Adobe Reader and Acrobat. This vulnerability is due to a buffer overflow condition that exists in the way Adobe Acrobat Reader handles JBIG2 Streams. When Adobe Reader is installed on a system, it adds an IFilter that allows applications such as the Windows Indexing Service to index PDF files. If the Windows Indexing Service processes a malicious PDF file stored on the system, the...

Acrobat and also Ethereal suffer vulnerability alerts. Adobe has patched two bugs in its ubiquitous Acrobat Reader application that could allow an attacker to take over a user's system via a malicious pdf file attached to an e-mail message. The bugs affect Windows, Mac OS X and Unix. Separately, developers warned of bugs in Ethereal, a popular network protocol analyser, that could allow an attacker to take over a system. Security research company iDefense warned of the bug affecting Windows and Mac in an advisory published on the Bugtraq mailing list late on Tuesday. The problem is a format string...