When PDFs Attack!
<p>We have received reports of a significant problem relating to Adobe Acrobat files and Cross Site Scripting (XSS). A weakness was discovered in the way that the Adobe Reader browser plugin can be made to execute JavaScript code on the client side. This stems from the “Open Parameters” feature in Adobe Reader, which allows for parameters to be sent to the program when opening a .pdf file. Like most things in life, this was a feature designed for benign usage, but unfortunately somebody has discovered that it can also be used for malicious purposes.</p>
<p>This development is significant for a number of reasons:</p>
<ul>
<li>The ease with which this weakness can be exploited is breathtaking. Use of this “feature” requires no exploitation of vulnerabilities on the server side.</li>
<li>Any Web site that hosts a .pdf file can be used to conduct this attack. All the attacker has to do is find out who is hosting a .pdf file on their Web server and then piggyback on it to mount an attack. What this means, in a nutshell, is that anybody hosting a .pdf file, including well-trusted brands and names on the Web, could have their trust abused and become unwilling partners in crime.</li>
<li>Due to the power and flexibility of JavaScript, the attacker has a wide scope for inflicting damage.</li>
</ul>
<p>Since this problem is so widespread and so easy to exploit, I would expect that we will see this “feature” used considerably in the coming days and weeks, until it is resolved. If you are using Norton Confidential Online, you are automatically protected against the current exploitation methods utilized in this attack. For others, you can mitigate attacks by implementing JavaScript filtering capabilities on corporate firewalls and intrusion detection systems, and by disabling Adobe Reader plugin capabilities in Web browsers. In addition, beware of people sending you links to .pdf files on the Web. Check the URL for any unusual text or parameters after the .pdf extension. This applies to all the usual distribution channels such as email, instant messaging, Web browsing, and so on.</p>
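<p>The URL check recommended above, as an added example that is not part of the original post: it pulls links out of a message body and flags any .pdf link that carries a javascript: scheme after the extension (including percent-encoded or whitespace-split spellings), and lists other .pdf links that carry open parameters for a second look. The sample message, its hosts and the parameter name <code>x</code> are constructed assumptions, not values from the post.</p>

```python
import re
from urllib.parse import unquote, urlsplit

# "javascript:" even when the letters are separated by whitespace/control
# characters; percent-encoding is handled by _normalise() before matching.
_JS_SCHEME = re.compile(r"j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:", re.IGNORECASE)
_URL = re.compile(r"https?://[^\s<>\"']+")

def _normalise(text: str) -> str:
    """Percent-decode twice (defeats double encoding) and drop control chars."""
    for _ in range(2):
        text = unquote(text)
    return "".join(ch for ch in text if ord(ch) >= 0x20)

def classify_pdf_url(url: str) -> str:
    """'script': .pdf URL with a javascript: scheme after the extension.
    'params': .pdf URL carrying other open parameters (worth a second look).
    'clean':  not a .pdf, or a .pdf with nothing after the extension."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(".pdf"):
        return "clean"
    # Open parameters ride in the query or the fragment; inspect both.
    tail = _normalise(parts.query + "#" + parts.fragment)
    if _JS_SCHEME.search(tail):
        return "script"
    if "=" in tail:
        return "params"
    return "clean"

def find_suspicious_links(message: str) -> list:
    """Return (verdict, url) for every .pdf link in a message body that
    carries anything after the extension."""
    hits = []
    for url in _URL.findall(message):
        url = url.rstrip(".,;")  # trailing sentence punctuation
        verdict = classify_pdf_url(url)
        if verdict != "clean":
            hits.append((verdict, url))
    return hits

# Constructed sample message: hosts and the parameter name "x" are placeholders.
SAMPLE_MESSAGE = """Hi, the Q4 report is at http://intranet.example/reports/q4.pdf
Also see http://partner.example/brochure.pdf#page=3 (page 3 is the relevant one),
and the "updated" copy: http://partner.example/brochure.pdf#x=java%73cript:void(0)
Unrelated: http://www.example.org/news.html?id=7
"""

if __name__ == "__main__":
    for verdict, url in find_suspicious_links(SAMPLE_MESSAGE):
        print(verdict, url)
```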
<p>For more information about Cross Site Scripting, you can read <a href="http://www.symantec.com/enterprise/security_response/weblog/2006/07/phishing_and_crosssite_scripti.html"> Zulfikar’s blog entry</a> about the topic of Phishing and XSS from July of last year.</p>
http://www.symantec.com/enterprise/security_response/weblog/2007/01/when_pdfs_attack.html
Wed, 03 Jan 2007 05:18:26 -0800