Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Spam Reports

Spam Reports

PDF Attacks Enhanced by Windows Vulnerability?

Microsoft says yes but Adobe patches the flaw

By Bogdan Popa, Security and Search Engines Editor

8th of November 2007, 08:45 GMT

Adjust text size:


Adobe Reader
Enlarge picture
The story so far: a few days ago, a new PDF spam attack was starting, numerous consumers receiving dangerous emails containing malicious PDF files attempting to infect the victims'
computers. The messages were attempting to exploit a vulnerability in Adobe Acrobat, one of the most popular applications when it comes to the Portable Document Format. According to the reports, Adobe's technology was not able to handle the mailto tags included in PDF files which could enable an attacker gain access to the affected system. The software glitch was confirmed in Adobe Acrobat and Adobe Acrobat Reader installed on Windows XP with Internet Explorer.

In case you didn't read the news, Adobe already fixed the flaw but the interesting aspect of the glitch was reported by Security Focus today. In a blog post published on the Microsoft Security Response Center, the Redmond-based company confirmed the problems with the PDF file format but it added that the exploitation can be enhanced by a Windows vulnerability.

"Because the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability - they just close an attack vector," Bill Sisk of the Microsoft Security Response Center wrote on the blog. "As part of our SSIRP process we currently have teams worldwide who are working around the clock to develop an update of appropriate quality for broad distribution. Because ShellExecute is a core part of Windows, our development and testing teams are taking extra care to minimize application compatibility issues."

The PDF spam has always been a problem for many of the Internet users but it seems it is more powerful now when it attempts to take advantage of some Windows vulnerabilities. How can we protect ourselves? Avoid opening untrusted emails and downloading unknown PDF attachments included in the messages.

"To help protect yourself during the interim we continue to recommend that you should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources and/or visiting untrusted websites. This is absolutely one of the most effective ways to help protect yourself from a variety of threats on the Internet today", the Microsoft official advised the consumers.

TAGS:

 adobe | reader | microsoft | windows | security


Rating:
Fair (2.8/5) 7 vote(s) so far    

Read by 321 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Sick of PDF? Turn to Microsoft's XPS for Windows Vista

Google Debuts Download PDF Feature

PDF Files Used in Hack Attacks

Google: PDF Print Support Enabled!

PDF Spam Crashed and Burned!

PDF-files Slaughter Windows!

Windows Users Not Vulnerable To PDF Flaw

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive