Acrobat 9 crashes with malformed URLs

Researcher able to crash the document reader by pointing to URL with a specific string of characters.

Updated September 12 at 11:12 a.m. with comment from Adobe.

Certain URLs can cause Adobe Acrobat 9 to suffer a denial of service or crash, says a researcher.

According to an alert from the SecuriTeam mailing list, "a vulnerability in Adobe Acrobat 9 allow attackers to cause the program to crash by providing it with a malformed URL."

The alert cites a blog by researcher Jeremy Brown, who provides working exploit code. In one example, Brown uses the string "acroie:///DoS" to cause a DoS in Adobe Acrobat 9 running on Windows Vista.

A spokesperson for Adobe said Thursday night, "We are aware of and investigating this. Our initial findings are consistent with those reported by the researcher that this is a denial-of-service issue."

Featured Video

This Nokia virtual-reality camera costs $60,000

Good VR doesn't come cheap, as evidenced by Nokia's Ozo 360-degree video camera. Meanwhile, Swatch's next smartwatch has mobile payments, and Blocks lets you build your own smartwatch.

by Bridget Carey