Acrobat 9 crashes with malformed URLs

Researcher able to crash the document reader by pointing to URL with a specific string of characters.

Updated September 12 at 11:12 a.m. with comment from Adobe.

Certain URLs can cause Adobe Acrobat 9 to suffer a denial of service or crash, says a researcher.

According to an alert from the SecuriTeam mailing list, "a vulnerability in Adobe Acrobat 9 allow attackers to cause the program to crash by providing it with a malformed URL."

The alert cites a blog by researcher Jeremy Brown, who provides working exploit code. In one example, Brown uses the string "acroie:///DoS" to cause a DoS in Adobe Acrobat 9 running on Windows Vista.

A spokesperson for Adobe said Thursday night, "We are aware of and investigating this. Our initial findings are consistent with those reported by the researcher that this is a denial-of-service issue."

Tags:
Security
About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Is your phone battery always at 4 percent?

    These battery packs will give your device the extra juice to power through all of those texts and phone calls.