 | |
| |
| 06 Apr 2010 | #1 |
| | PDF security hole opens can of worms. Quote: The security perils of PDF files have been further highlighted by new research illustrating how a manipulated file might be used to infect other PDF files on a system. Jeremy Conway, an application security researcher at NitroSecurity, said the attack scenario he has discovered shows PDFs are "wormable". Computer viruses are capable, by definition, of overwriting other files to spread. Conway's research is chiefly notable for illustrating how a benign PDF file might become infected using features supported by PDF specification, not a software vulnerability as such, and without the use of external binaries or JavaScript. The "wormable PDF" research comes days after another security researcher, Didier Stevens, showed how it was possible to both embed malicious executables in PDFs and manipulate pop-up dialog boxes to trick victims into running a malicious payload. Both Adobe and FoxIT are working on a fix against the security shortcomings in their respective PDF viewing packages illustrated by the research. |
My System Specs | |
| 07 Apr 2010 | #2 |
| | Note that at least one attack vector in Adobe Acrobat Reader can be closed by going to "Edit/Preferences/Trust Manager" and unchecking the box that says: "Allow opening of non-PDF file attachments with external applications" More information here: Adobe Issues Advisory to Block Embedded Executes | News & Opinion | PCMag.com |
| My System Specs |
| 07 Apr 2010 | #3 |
| | 
Quote: Originally Posted by JMH  Quote: The security perils of PDF files have been further highlighted by new research illustrating how a manipulated file might be used to infect other PDF files on a system. Jeremy Conway, an application security researcher at NitroSecurity, said the attack scenario he has discovered shows PDFs are "wormable". Computer viruses are capable, by definition, of overwriting other files to spread. Conway's research is chiefly notable for illustrating how a benign PDF file might become infected using features supported by PDF specification, not a software vulnerability as such, and without the use of external binaries or JavaScript. The "wormable PDF" research comes days after another security researcher, Didier Stevens, showed how it was possible to both embed malicious executables in PDFs and manipulate pop-up dialog boxes to trick victims into running a malicious payload. Both Adobe and FoxIT are working on a fix against the security shortcomings in their respective PDF viewing packages illustrated by the research. |
| My System Specs |
| . |
| |
| 07 Apr 2010 | #4 |
| | CarlTR6, Did you get the update for FoxIt 3.2.1.0401, released April 2,2010. Bugfix: Foxit Software - Bug Fix List for Foxit Reader Personally, I use an alternate PDF reader, Sumatra PDF since FoxIt includes the Ask Toolbar and ebay desktop shortcut. There are a number of open source readers available from PDFreaders.org - Get a Free Software PDF reader!. |
| My System Specs |
| 07 Apr 2010 | #5 |
| | Thank you, Corrine; yes I got it. I did not install the Ask toolbar nor the Ebay shortcut. But I will certainly investigate Sumatra and other open source readers. Thanks for the link. |
| My System Specs |
| 07 Apr 2010 | #6 |
| | You're welcome. |
| My System Specs |
 |
PDF security hole opens can of worms. problems?
| Thread Tools | |
| Similar help and support threads for: PDF security hole opens can of worms. | ||||
| Thread | Forum | |||
| Free Microsoft Security Solution Hunts Worms. | Security News | |||
| Strange hole in security | General Discussion | |||
| Vbootkit security hole | System Security | |||
| Zero Day Security Hole In Windows 7? | System Security | |||
| Security hole in UAC | News | |||
All times are GMT -5. The time now is 01:59 PM.
