Safe / Secure / Systems : Internet and Data Security for Regular People: Adobe PDF exploit

Wednesday, March 11, 2009

Adobe PDF exploit

Probably the biggest IS news item recently is the discovery of a fairly serious vulnerability in the venerable Adobe Acrobat "PDF" file format. Briefly, it's one that doesn't require you to actually do anything for the vulnerability to be triggered, other than have Windows Indexing Service enabled (which I believe is turned on by default in XP). Even if you don't have that enabled, merely passing your mouse cursor over the file in Windows Explorer could still trigger the exploit. Now, this is only if you've actually downloaded a PDF that has been hacked to have this kind of malware inside of it, but AFAIK this is a sort of a new thing, where you don't even have to open the file to get the bad stuff happening. Note that this vulnerability exists on MacOS as well.

The morbid details are here, or you can see the sanitized Adobe discussion here.

No comments:

Post a Comment

Disclaimer

The information contained in this Site is provided in good faith by the author for general guidance on matters of interest only. Given the inherent hazards of electronic communication, there may be omissions or inaccuracies in information contained in this Site. As a result, the information on this Site is provided with the understanding that the author is not herein engaged in rendering any professional advice and services. As such, it should not be used as a substitute for consultation with professional and competent advisors. Before making any decision or taking any action based on the information contained in this Site, you should consult a professional who is competent in providing professional advice in information technologies.
While the author has made considerable effort to ensure that the information contained in this Site is accurate, the author is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information contained in this Site is provided "as is", with no guarantee of completeness, accuracy, timeliness or the results obtained from the use of the information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability and fitness for a particular purpose or product safety of any kind. In no event will the author, his or her related partnerships or corporations, or the partners, family members, agents, employees or employers thereof be liable to you or anyone else for any decision made or action taken in reliance on the information contained in this Site, or for any indirect, consequential, special or similar damages including, without limitation, permanent loss or corruption of data, physical or emotional sufferings, moral standard corruptions, damages for loss of goodwill or self-esteem, loss of customers or market share, breach of security, permanent or temporary loss of employment, permanent or temporary loss of connectivity to the Internet, work stoppage, loss of income, computer related fires or other mishaps, computer failure or other malfunctions.
Certain links in this Site connect to other Web Sites maintained by third parties over whom the author has no control. These links are for general guidance on matters of interest only. The author makes no representations as to the accuracy or any other aspect of information contained in other Web Sites. The provision of these links should not be interpreted as constituting any kind of endorsement, whether implicit or explicit, of the views and/or contents of such other Web Sites.

Safe / Secure / Systems :
Internet and Data Security
for Regular People

Wednesday, March 11, 2009

Adobe PDF exploit

No comments:

Post a Comment

Followers

Blog Archive

About Me

Disclaimer