Acrobat 9 crashes with malformed URLs
Researcher able to crash the document reader by pointing to URL with a specific string of characters.
Updated September 12 at 11:12 a.m. with comment from Adobe.
Certain URLs can cause Adobe Acrobat 9 to suffer a denial of service or crash, says a researcher.
According to an alert from the SecuriTeam mailing list, "a vulnerability in Adobe Acrobat 9 allow attackers to cause the program to crash by providing it with a malformed URL."
The alert cites a blog by researcher Jeremy Brown, who provides working exploit code. In one example, Brown uses the string "acroie:///DoS" to cause a DoS in Adobe Acrobat 9 running on Windows Vista.
A spokesperson for Adobe said Thursday night, "We are aware of and investigating this. Our initial findings are consistent with those reported by the researcher that this is a denial-of-service issue."