Featured Articles

Nvidia Shield 2 shows up in AnTuTu

Nvidia Shield 2 shows up in AnTuTu

Nvidia’s original Shield console launched last summer to mixed reviews. It went on sale in the US and so far Nvidia…

More...
AMD CSO John Byrne talks ARM

AMD CSO John Byrne talks ARM

We had a chance to talk about AMD’s upcoming products with John Byrne, Chief Sales Officer, AMD. We covered a number…

More...
AMD Chief Sales Officer thinks GPU leadership is critical

AMD Chief Sales Officer thinks GPU leadership is critical

We had a chance to talk to John Byrne who spent the last two years as Senior Vice President and Chief…

More...
OpenPlus One $299 5.5-inch Full HD phone

OpenPlus One $299 5.5-inch Full HD phone

OnePlus is one of the few small companies that might disrupt the Android phone market, dominated by giant outfits like Samsung.…

More...
KFA2 GTX 780 Ti Hall Of Fame reviewed

KFA2 GTX 780 Ti Hall Of Fame reviewed

KFA2 gained a lot of overclocking experience with the GTX 780 Hall of Fame (HOF), which we had a chance to…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Monday, 03 January 2011 14:37

More flaws found in Adobe's PDF

Written by Nick Farell
adobe_reader_logo

Insecurity expert warns
Insecurity researcher Julia Wolf of FireEye has found several previously unknown, security problems in connection with Adobe's PDF standard.

Speaking to the 27th Chaos Communication Congress  in Berlin,  Wolf said that a PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer. She said the format also has some other strange surprises, such it is possible to write PDFs which display different content in different operating systems, browsers or PDF readers.

Since many businesses use PDF as their standard file format for maintaining presentation consistency across different computer environments the standard has too many functions that can be exploited to launch attacks and wreak other havoc, Wolf says. Some of them range from database connections without security features to options that can blindly trigger the execution of arbitrary programs in Acrobat Reader.

According to Wolf, Adobe itself calls PDF a "container format" which may indeed hold a variety of things. For example, it is possible to integrate Flash files, which themselves offer many points of attack, as well as audio and video files.

Wolf said that there are so many places for hiding arbitrary data and code in a PDF. It is possible to generate very small PDF files which only execute JavaScript, and that certain objects can be referenced multiple times to trigger different responses when opening a file.

What makes matters worse is that most anti-virus programs are incapable of detecting malicious software in PDFs.


Nick Farell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

Comments  

 
+4 #1 JAB Creations 2011-01-03 22:51
Adobe needs to seriously reconsider how their programmers do what they do, we hear about them as often as Microsoft though they don't have an operating system.
 
 
-5 #2 dicobalt 2011-01-04 05:00
Adobe makes PDF software?!
 
 
+2 #3 BorgOvermind 2011-01-04 07:10
That's why some use Foxit reader or other alternate readers. They won't spread the infestation by running scripts.
 

To be able to post comments please log-in with Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments