Acrobat 9 crashes with malformed URLs

Certain URLs can cause Adobe Acrobat 9 to suffer a denial of service or crash, says a researcher.

A spokesperson for Adobe said Thursday night, “We are aware of and investigating this. Our initial findings are consistent with those reported by the researcher that this is a denial-of-service issue.”

Updated September 12 at 11:12 a.m. with comment from Adobe.

The alert cites a blog by researcher Jeremy Brown, who provides working exploit code. In one example, Brown uses the string “acroie:///DoS” to cause a DoS in Adobe Acrobat 9 running on Windows Vista.

According to an alert from the SecuriTeam mailing list, “a vulnerability in Adobe Acrobat 9 allows attackers to cause the program to crash by providing it with a malformed URL.”
