Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security

Security

Highly Critical PDF Vulnerability

A patch is not yet available

By Marius Oiaga, Technology News Editor

3rd of January 2007, 14:43 GMT

Adjust text size:


Symantec is expecting to see an escalation in online attacks via malicious PDF files, as it has reported a vulnerability related to Adobe Acrobat files and Cross Site Scripting. Hon
Lau, a Sr. Security Response Engineer with Symantec has revealed that the Cupertino based security company has received reports of what he refers to as a "significant problem" that cand result in the Adobe reader plugin executing malicious JavaScript code on the client side. "This stems from the "Open Parameters" feature in Adobe Reader, which allows for parameters to be sent to the program when opening a .pdf file. Like most things in life, this was a feature designed for benign usage, but unfortunately somebody has discovered that it can be used for malicious purposes also," said Lau.

The reason why Symantec felt the need to ring the alarm is based on the fact that a successful attack via this vulnerability does not involve an exploit of flaws on the server side. "Any Web site that hosts a .pdf file can be used to conduct this attack. All the attacker has to do is find out who is hosting a .pdf file on their Web server and then piggy back on it to mount an attack using this method. What this means in a nutshell is that anybody hosting a PDF, including well trusted brands and names on the Web, could have their trust abused and become unwilling partners in crime," explained Lau.

Adobe Systems has yet to release an official comment on the matter at hand, or a security patch addressing the issue. At the time of this article, the details surrounding the vulnerability are scarce to say the least. Symantec does not reveal if all versions of the Adobe Acrobat application are vulnerable or if any of the browsers available on the market manage to stop the execution of malicious JavaScript code.

"To mitigate against attacks using this method you can implement JavaScript filtering capabilities to corporate firewalls and intrusion detection systems, and by disabling Adobe Reader plugin capabilities in Web browsers. As well as that, beware of people sending you links to .pdf files on the web. This would apply to all the usual distribution channels such as email, instant messaging, Web browsing, and so on. If you come across such a URL, look out for any unusual text or parameters after the .pdf extension," advised Lau.


Rating:
Fair (2.6/5) 10 vote(s) so far    

Read by 2,557 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


A Windows Vista Zero-Day Exploit Costs $50,000

McAfee Delivers Support for Windows Vista

Attack Vectors in Windows Vista

Microsoft's "Very Limited, Targeted Attacks"

Details on Three Unpatched MS Word Vulnerabilities

Neutral and Positive Feedback for Vista APIs

The Coordinates of an MS Word Attack

Windows Vista Is Plagued with Vulnerabilities

Adobe Photoshop CS3 Drops This Weekend

Microsoft Reduced Windows Attack Surface via PowerShell

Mars Is Adobe's Answer to Microsoft's XPS

MMS Exploit Available for Windows Mobile

Windows Vista Crack - Trojan Horse

Bad BadVista!

Microsoft Stops Hotmail Spam List Seller

Windows Vista's Reduced Functionality Mode

Recover from Vista Reduced Functionality Mode

Microsoft Is Still Delivering Windows Vista Release Candidate 1 Product Keys

Yes, Sophos Already Released Vista Anti-virus Protection

Spam to Take the Cybercrime Centerstage in 2007

Microsoft Opens Up the Vista Kernel

Kaspersky Unveils Support for Windows Vista

Windows CE 6 vs. Windows CE 5

User opinions:


Comment #1 by: David Smiley on 28 Sep 2008, 03:59 GMT reply to this comment

As far as I can tell from the description of this exploit, the problem is NOT with PDFs (as headlines from this and other articles would suggest), it is with Adobe's Acrobat Reader software. On Macs, Apple's "Preview" application is the default PDF reader. I keep it as the default, but have Adobe's software around for use in rare circumstances that keep getting rarer... it's a pig compared to Preview. And apparently it's now got a security vulnerability too; jeesh.

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive