Certain URLs can cause Adobe Acrobat 9 to suffer a denial of service or crash, says a researcher.
According to an alert from the SecuriTeam mailing list, "a vulnerability in Adobe Acrobat 9 allows attackers to cause the program to crash by providing it with a malformed URL."
Um.. what *doesn't* cause adobe acrobat to crash? :P
ROFL - Amen!-mouser (September 14, 2008, 07:38 AM)
I'm at a loss as to how this can be called a "denial of service" vulnerability. Sure, it's a bug in Acrobat, but from the description all it does is cause it to crash when you open a document with the malformed URL. What service is being denied? The ability to open documents that are intended to crash the program?
When a program is referred to as undergoing denial of service, it means the application is not functioning, for example its main thread may be processing an infinite loop, or using a blocking function that won't return etc.-mwb1100 (September 14, 2008, 02:01 PM)
Use of "denial of service" in this case is entirely legitimate, unless they're blatantly lying, which I am yet to see any evidence of, unless you have any...?
I wouldn't say they're blatantly lying, just exaggerating or sensationalizing the scope of the problem.-Ehtyar (September 14, 2008, 05:12 PM)
OMG! Everyone remember this day, this is like the THIRD time Carol and I have agreed on ANYTHING here on this forum!-Josh (September 14, 2008, 05:10 PM)
Ehtyar, I think the issue here with using "denial of service" is that we usually hear it in terms of DOS or DDOS attacks, and not just bugs.
I understand. Perhaps a quick Google or two might help clear up any misconception before people post on a thread they're confused about. Denial of service is the technical term, regardless of any connotations associated with the phrase.-Deozaan (September 14, 2008, 05:43 PM)
I wouldn't say they're blatantly lying, just exaggerating or sensationalizing the scope of the problem.
How so, given that their use of this phrase is entirely legitimate?-mwb1100 (September 14, 2008, 06:09 PM)
And I agree with mouser and others: Whenever Acrobat opens in the browser it practically denies my browser service because it freezes it up or takes forever to initialize or whatever. Acrobat opened up independently of the browser is okay--usually--but whoever decided Acrobat should be a browser plugin needs to be punished!-Deozaan (September 14, 2008, 05:43 PM)
One of the things Adobe always says is that leaving behind older versions of Acrobat when you upgrade causes problems. Old versions should be removed completely before installing a new major version. Maybe you should try a clear out of all Acrobat software and then reboot and reinstall the latest version.
Clearly they take great care to ensure their applications function optimally *cough* *splutter*-Carol Haynes (September 14, 2008, 06:24 PM)
Are you suggesting Acrobat provides no service? In any case, were it an infinite loop scenario you're probably looking at high CPU usage, which may conform to your definition.
Denial of service is the technical term, regardless of any connotations associated with the phrase.
It may be a technical term, but apparently there is still some difference of opinion on it. In my opinion it's a stretch to call this a denial of service - what service is being blocked/prevented/denied?
I wouldn't say they're blatantly lying, just exaggerating or sensationalizing the scope of the problem.
How so, given that their use of this phrase is entirely legitimate?-mwb1100 (September 14, 2008, 06:09 PM)-Ehtyar (September 14, 2008, 06:21 PM)
Since you suggested using Google to clear up any misconception, here's what I get on the first results page for the search '"denial of service" definition', listing only the results that don't discuss only distributed denial of service attacks, which I think everyone can agree this is not:
A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have.-http://searchsoftwarequality.techtarget.com/sDefinition/0,,sid92_gci213591,00.html
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.-http://en.wikipedia.org/wiki/Denial-of-service_attack
A type of crack attack that makes it difficult, if not impossible, for valid system users to access their computer or particular services--such as Web applications--on a computer.-http://www.yourdictionary.com/denial-of-service
A condition in which a system can no longer respond to normal requests.-http://www.pcmag.com/encyclopedia_term/0,2542,t=denial+of+service&i=41128,00.asp
I still don't think this meets these definitions. If you do, that's fine.-mwb1100 (September 14, 2008, 09:20 PM)
...Correct.
At least it's not a serious vulnerability
...-Lashiec (September 15, 2008, 08:17 AM)