Adobe PDF flaw gets homebrewed patch

A researcher for the security firm Sourcefire has published a homemade patch for the flaw which Adobe warned users about last week.

Adobe said at the time that users would have to wait until 11 March for it to release a patch for the flaw, which left users open to malicious PDF files that could be used by attackers to take control of the affected system.

However, Lurene Grenier, research engineer at the Sourcefire Vulnerability Research Team, said that the patch (which only worked on Adobe Reader 9) was a replacement DLL that could write over the old version.

She said on the blog: "In the event that you do open a bad PDF file, you should see a pop up with the phrase 'insufficient data for an image', and nothing will show up. Reader will go on living happily."

However, she said that the patch was created using only tools she could find at home, and that there was no guarantee that it would work for all attacks.

According to security research organisation Shadowserver, there have already been targeted attacks that are actively exploiting the flaw. However, disabling JavaScript could mitigate the exploit.