05 January 2007
PDF Exploit is a Big Threat
A warning to Acrobat Reader users. Links to PDF files can include JavaScript which can be used to view, copy and modify the entire contents of a user's hard drive.
Originally it was thought that such malicious code would only affect servers and would have limited effect on user's computers. The nature of Java prevents it from modifying any file on a computer it is remotely running on, saving users from security vulnerabilities. What has recently been discovered is that if the link were directed at a PDF file on the user's computer, it could then run locally on the system allowing someone to view the user's files, modify and delete them as well as send files to the attacker.
The limitation to this is that the JavaScript has to know the location of a PDF locally installed on your system. You may be thinking that this saves you and makes it that much more difficult, but also consider that when Acrobat Reader installs it installs sample PDF files, which could very easily be used. Also consider the possibility of the attacker convincing the user to install the file themselves in a specific location (social engineering seems popular). After the people install the file, the attacker is in.
Adobe has yet to confirm the exploit, but has stated that they believe Flash Player, modern browsers and reader should prevent the affect of such an exploit.
Originally it was thought that such malicious code would only affect servers and would have limited effect on user's computers. The nature of Java prevents it from modifying any file on a computer it is remotely running on, saving users from security vulnerabilities. What has recently been discovered is that if the link were directed at a PDF file on the user's computer, it could then run locally on the system allowing someone to view the user's files, modify and delete them as well as send files to the attacker.
The limitation to this is that the JavaScript has to know the location of a PDF locally installed on your system. You may be thinking that this saves you and makes it that much more difficult, but also consider that when Acrobat Reader installs it installs sample PDF files, which could very easily be used. Also consider the possibility of the attacker convincing the user to install the file themselves in a specific location (social engineering seems popular). After the people install the file, the attacker is in.
Adobe has yet to confirm the exploit, but has stated that they believe Flash Player, modern browsers and reader should prevent the affect of such an exploit.
Labels: pdf, vulnerability
