Saturday, October 27, 2007

Russian PDF attacks surge; Microsoft takes blame

Microsoft Windows ShellExecute function turns out to be the real culprit in the PDF vulnerability problems. Fixes to Firefox, Adobe products and others close the URI attack vectors but do nothing to address the underlying vulnerability or vulnerabilities.

While MS says (accurately) in the advisory that the attacks are "fairly limited", they are growing in number and intensity. This short article on Computer World's site explains some and the MS advisory tells the rest.

Jack

No comments:

Post a Comment

All comments are moderated.

Note: Only a member of this blog may post a comment.