normal_post - New PDF Security Exploit Emerges   - Technology Author Topic: New PDF Security Exploit Emerges  (Read 503 times)


  • **
  • avatar_275 - New PDF Security Exploit Emerges   - Technology
  • Posts: 668
  • wabodu badah!
    • Share Post
xx - New PDF Security Exploit Emerges   - Technology
New PDF Security Exploit Emerges
« on: September 23, 2007, 04:24:43 PM »
September 21, 2007
New PDF Security Exploit Emerges
By Andy Patrizio

A new vulnerability has emerged in Adobe's Portable Document Format (PDF) and, so far, only Adobe and a white hat hacker know about it. But give the bad guys time.

PDF was the target of another exploit in January, which was quickly fixed. It then emerged earlier this summer as the new method for delivering spam because spam filters have become so efficient at blocking other forms.

PDF-based spam died off in a matter of months because it was too inefficient a means of delivery and the spam filter vendors were able to develop effective means to spot it.

Now, Petko D. Petkov, a.k.a. pdp, is the leader of Gnucitizen, a security Web site and security consultant in the U.K. has found a new JavaScript-based exploit in PDF that would allow malicious JavaScript code to execute on a user's client simply from opening an infected PDF file.

Petkov won't publish proof of concept code because the exploit is so dangerous, PDF is so ubiquitous and "it may take a while for Adobe to fix their closed source product," he wrote on a Gnucitizen posting.

Paul Henry, vice president of technology evangelism for Secure Computing, said even without sample code, it's still enough to send the bad guys off sniffing through the PDF format to find the holes. "Just the fact it has been found makes me think it will become available eventually," he told

Henry said the exploit is particularly insidious because it can embed JavaScript in the file, so an anti-virus scanner may not see it. "In this Web 2.0 world, it's important to scan everything coming over the wire, including scripts with malicious intent," he said.

Adobe has said that it is aware of the problem. "Adobe and Petkov have been in communication," the company said in a statement to "Adobe is currently researching the potential issue. Once this process is complete, Adobe plans to share further information on the topic via the company's Adobe Security Bulletins and Advisories page."

For now, both Adobe and Secure Computing offer the same advice: Never open a PDF from an unknown source and if you get it from a known source but weren't expecting it, double check with that person.

Linkback: | | | | |

Share via facebook Share via linkedin Share via pinterest Share via tumblr Share via twitter


Latest Topics

Vicks Vapor Rub On Your Child's Feet To Stop The Night Time Cough by islander
[September 17, 2019, 04:04:40 AM]

Waking at the same time each night reveals details about your health by islander
[September 17, 2019, 03:46:34 AM]

Energy Investment Briefing by
[September 16, 2019, 08:21:42 PM]

Drone attacks on Saudi Aramco by
[September 16, 2019, 05:18:20 PM]

Dr. Quipit Grace Internal Medicine HNU Hospital by
[September 16, 2019, 06:52:54 AM]

Internal Medicine HNU Hospital Dr. Sales Ronald by
[September 16, 2019, 06:51:35 AM]

General Surgery HNU Hospital Dr. Senerpida by
[September 16, 2019, 06:50:20 AM]

HNU Hospital Internal Medicine Dr. Ugpo by
[September 16, 2019, 06:49:06 AM]

Pediatrics Dr. Amalia Valdez by
[September 16, 2019, 06:47:42 AM]

Prohibited Motion for Reconsideration by
[September 15, 2019, 01:55:25 PM]

SMF spam blocked by CleanTalk
Powered by SMFPacks SEO Pro Mod | Sitemap
Mobile View
SimplePortal 2.3.7 © 2008-2019, SimplePortal