CERT has identified a potential vulnerability in popular Portable Document File (PDF) readers and viewers. In the words of the CERT advisory . . .

“When a victim clicks on a hyperlink contained within a malicious PDF file, an attacker may be able to execute arbitrary commands with the privileges of the victim. This is possible because some UNIX/Linux PDF readers/viewers spawn external programs to handle hyperlinks by invoking the shell command interpreter.”

Updates are rapidly being released for popular PDF reader/viewer programs such as Adobe Reader, xpdf, etc.

CERT's full advisory regarding PDF readers/viewers is here (“Vulnerability Note VU#200132”).

 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.