Exploit posted for brand-new Adobe PDF zero-day

Proof-of-concept exploit code has been published for a new zero-day vulnerability haunting Adobe's widely deployed PDF Reader software.In a brief note posted to its PSIRT blog, Adobe confirmed it was investigating the issue, which affects Adobe Reader 9.

Proof-of-concept exploit code has been published for a new zero-day vulnerability haunting Adobe's widely deployed PDF Reader software.

In a brief note posted to its PSIRT blog, Adobe confirmed it was investigating the issue, which affects Adobe Reader 9.1 and 8.1.4.  "We are currently investigating, and will have an update once we get more information," according to Adobe's David Lenoe.

More details are available in this advisory:

Adobe Reader 'getAnnots()' Javascript Function Remote Code Execution Vulnerability

Adobe Reader is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

Reader 8.1.4 and 9.1 for Linux are vulnerable; other versions or platforms may also be affected.

Adobe's PDF Reader software is a popular target for malware authors so, in the absence of a patch, users should consider using an alternative product.  A list of alternatives is available at pdfreaders.org.