normal_post - New PDF Security Exploit Emerges   - Technology Author Topic: New PDF Security Exploit Emerges  (Read 503 times)

G@Len

  • INTERN
  • **
  • avatar_275 - New PDF Security Exploit Emerges   - Technology
  • Posts: 668
  • wabodu badah!
    • Share Post
xx - New PDF Security Exploit Emerges   - Technology
New PDF Security Exploit Emerges
« on: September 23, 2007, 04:24:43 PM »
SOURCE: www.internetnews.com
September 21, 2007
New PDF Security Exploit Emerges
By Andy Patrizio

A new vulnerability has emerged in Adobe's Portable Document Format (PDF) and, so far, only Adobe and a white hat hacker know about it. But give the bad guys time.

PDF was the target of another exploit in January, which was quickly fixed. It then emerged earlier this summer as the new method for delivering spam because spam filters have become so efficient at blocking other forms.

PDF-based spam died off in a matter of months because it was too inefficient a means of delivery and the spam filter vendors were able to develop effective means to spot it.

Now, Petko D. Petkov, a.k.a. pdp, is the leader of Gnucitizen, a security Web site and security consultant in the U.K. has found a new JavaScript-based exploit in PDF that would allow malicious JavaScript code to execute on a user's client simply from opening an infected PDF file.

Petkov won't publish proof of concept code because the exploit is so dangerous, PDF is so ubiquitous and "it may take a while for Adobe to fix their closed source product," he wrote on a Gnucitizen posting.

Paul Henry, vice president of technology evangelism for Secure Computing, said even without sample code, it's still enough to send the bad guys off sniffing through the PDF format to find the holes. "Just the fact it has been found makes me think it will become available eventually," he told InternetNews.com.

Henry said the exploit is particularly insidious because it can embed JavaScript in the file, so an anti-virus scanner may not see it. "In this Web 2.0 world, it's important to scan everything coming over the wire, including scripts with malicious intent," he said.

Adobe has said that it is aware of the problem. "Adobe and Petkov have been in communication," the company said in a statement to InternetNews.com. "Adobe is currently researching the potential issue. Once this process is complete, Adobe plans to share further information on the topic via the company's Adobe Security Bulletins and Advisories page."

For now, both Adobe and Secure Computing offer the same advice: Never open a PDF from an unknown source and if you get it from a known source but weren't expecting it, double check with that person.

Linkback: https://tubagbohol.mikeligalig.com/index.php?topic=4924.0
blackeye@rybnet.pl | hitmemore@nutdrug.ru | ringme@comision1135.com.ar | black.rossy@pillmathe12l.ru | indosat@defdrug.ru | isumbong@sonda.co.kr



Share via facebook Share via linkedin Share via pinterest Share via tumblr Share via twitter

 

Latest Topics

Vicks Vapor Rub On Your Child's Feet To Stop The Night Time Cough by islander
[September 17, 2019, 04:04:40 AM]


Waking at the same time each night reveals details about your health by islander
[September 17, 2019, 03:46:34 AM]


Energy Investment Briefing by MIKELIGALIG.com
[September 16, 2019, 08:21:42 PM]


Drone attacks on Saudi Aramco by MIKELIGALIG.com
[September 16, 2019, 05:18:20 PM]


Dr. Quipit Grace Internal Medicine HNU Hospital by MIKELIGALIG.com
[September 16, 2019, 06:52:54 AM]


Internal Medicine HNU Hospital Dr. Sales Ronald by MIKELIGALIG.com
[September 16, 2019, 06:51:35 AM]


General Surgery HNU Hospital Dr. Senerpida by MIKELIGALIG.com
[September 16, 2019, 06:50:20 AM]


HNU Hospital Internal Medicine Dr. Ugpo by MIKELIGALIG.com
[September 16, 2019, 06:49:06 AM]


Pediatrics Dr. Amalia Valdez by MIKELIGALIG.com
[September 16, 2019, 06:47:42 AM]


Prohibited Motion for Reconsideration by MIKELIGALIG.com
[September 15, 2019, 01:55:25 PM]

SMF spam blocked by CleanTalk
Powered by SMFPacks SEO Pro Mod | Sitemap
Mobile View
SimplePortal 2.3.7 © 2008-2019, SimplePortal