PICList Thread
'[EE]:: Adobe Acrobat Reader malicious code exploit'
2007\10\09@221416 by Russell McMahon

It's presently possible to run exploit code via Adobe Acrobat Reader
via PDFs in emails or on websites.

       http://computerworld.co.nz/news.nsf/scrt/5357F78B0E30E3B5CC25736F006A6F22?opendocument&utm_source=topnews&utm_medium=email&utm_campaign=topnews

Note that this class of exploit is as applicable to both Firefox and
Explorer (at least).


       Russell


__________________________________________________________

October 10th

Adobe Systems has confirmed that there's a critical bug in its most
popular programs, but it doesn't yet have a patch that protects
Windows XP users against attacks arriving as PDF files.
In an advisory posted on Friday, Adobe admitted that the flaw first
disclosed by Petko Petkov, a UK-based security researcher, was real.
The San Jose-based company also provided a multiple-step work-around
in lieu of a permanent fix to its Adobe Acrobat software and its free
Adobe Reader application.

Last month, Petkov claimed in a blog posting that he had found a
critical vulnerability that could be leveraged using PDF files,
Adobe's popular document format. "Adobe Acrobat/Reader PDF documents
can be used to compromise your Windows box," Petkov said Sept. 21.
"Completely!!! Invisibly and unwillingly!!! All it takes is to open a
PDF document or stumble across a page [that] embeds one."

At the time, Petkov declined to provide proof-of-concept code, telling
users: "You have to take my word for it." He recommended steering
clear of all PDFs until a fix was available.

Adobe's work-around requires editing the Windows registry, a daunting
chore for most users, but it will protect against malicious PDF
documents that exploit the "mailto:" URI (universal resource
identifier) to trick users into downloading attack code. Mailto:, one
of the most-frequently used URIs, launches the default email client
and opens a pre-addressed message when a link is clicked inside a web
browser.

The terse description indicates that the PDF vulnerability is yet
another protocol-handling bug. Those flaws have been a hot topic in
security circles since July, when another researcher, Norwegian Thor
Larholm, showed how Internet Explorer and rival Firefox could be used
to run malicious code by exploiting invalid URIs. In fact, the debate
over patching responsibility resumed on Friday, when a German analyst
said IE7 brought new bugs to Windows XP.

Juergen Schmidt of Heise Security specifically called out Adobe's
software in a warning to a security mailing list, while Heise's
website provided a proof-of-concept attack that used the URI
to inject malicious code via a PDF. "This critical security problem is
probably the same as recently detected and described by Petko Petkov,"
Heise said on Friday before Adobe published its advisory.

Adobe said it would update Adobe Reader 8.1 and Adobe Acrobat 8.1, as
well as Adobe 3D, by the end of the month, but did not give a more
specific date.

Microsoft, which has been criticised for not fixing the
protocol-handling capabilities in Windows and Internet Explorer, has
repeatedly said that the responsibility for making sure third-party
software properly processes URIs such as falls to other
vendors' application developers, not its engineers. In July, IE
program manager Markellos Diorinos claimed that it would be "very
difficult" for Windows to check for possibly invalid URIs.

If users cannot or will not use the work-around, Adobe's advice was
essentially the same as Petkov's of two weeks ago. "Adobe recommends
that Acrobat and Reader customers use caution when receiving
unsolicited email communications requesting user action, such as
opening attachments or clicking web links," the company said in its
advisory.

Only Windows XP users running Internet Explorer 7 are at risk, Adobe
said. Owners of Windows Vista, which sports its own version of IE 7,
are safe from the .....-based attacks.

2007\10\10@073235 by Gerhard Fiedler

Russell McMahon wrote:

> It's presently possible to run exploit code via Adobe Acrobat Reader
> via PDFs in emails or on websites.
>
> http://computerworld.co.nz/news.nsf/scrt/5357F78B0E30E3B5CC25736F006A6F22?opendocument&utm_source=topnews&utm_medium=email&utm_campaign=topnews

Thanks for the heads-up. But it's been a while since I saw such a bad
article. When they write:

> Adobe's work-around requires editing the Windows registry, a daunting
> chore for most users, but it will protect against malicious PDF
> documents that exploit the "" URI (universal resource identifier)
> to trick users into downloading attack code. Mailto:, one of the
> most-frequently used URIs, launches the default email client and opens a
> pre-addressed message when a link is clicked inside a web browser.

They don't provide a link to or other explanation for the cited
work-around. Given that they imply they know the work-around, I feel they
want to take me for a ride. (Besides, they don't offer /any/ links to any
of their sources. For me that's almost disqualifying for a technical news
source.)

Luckily, there are outlets that actually cite their sources, e.g. this one
<http://www.dmxzone.com/ShowDetail.asp?NewsId=14209>, where you find the
link to Adobe's work-around
<http://www.adobe.com/support/security/advisories/apsa07-04.html>.

FWIW, here's what seems to be the original report (although someone seems
to claim that this was taken from a Firefox bug report)
<http://www.gnucitizen.org/blog/0day-pdf-pwns-windows>.

Gerhard

2007\10\10@090011 by Carl Denk

I have been using Foxit reader instead of an Adobe product for about a
month, it loads much faster than the Adobe Reader on XP with Firefox,
and has a nice feel to it. Recommended! I wonder if Foxit is subject to
the same security issue. I registered on the Foxit forum, but have not
been approved yet. If someone else is a member, please ask the question.
The Link is
http://www.foxitsoftware.com/



2007\10\10@092026 by Dario Greggio

Carl Denk wrote:

> I have been using Foxit reader instead of an Adobe product for about a
> month, it loads much faster than the Adobe Reader on XP with Firefox,

Testing it right now, thanks for the tip Carl!

Looks nice & fast...

--
Ciao, Dario il Grande (522-485 a.C.)
--
ADPM Synthesis sas - Torino
--
http://www.adpm.tk

2007\10\10@103638 by Herbert Graf

On Wed, 2007-10-10 at 15:14 +1300, Russell McMahon wrote:
> It's presently possible to run exploit code via Adobe Acrobat Reader
> via PDFs in emails or on websites.
>
>         computerworld.co.nz/news.nsf/scrt/5357F78B0E30E3B5CC25736F006A6F22?opendocument&utm_source=topnews&utm_medium=email&utm_campaign=topnews
>
> Note that this class of exploit is as applicable to both Firefox and
> Explorer (at least).

Wow, that is impressive. Sure makes me glad I'm not running Acrobat or
windows... :) TTYL

2007\10\10@115556 by Gerhard Fiedler

Carl Denk wrote:

> I have been using Foxit reader instead of an Adobe product for about a
> month, it loads much faster than the Adobe Reader on XP with Firefox,
> and has a nice feel to it. Recommended! I wonder if Foxit is subject to
> the same security issue. I registered on the Foxit forum, but have not
> been approved yet. If someone else is a member, please ask the question.
> The Link is
> http://www.foxitsoftware.com/

The original poster of the exploit says that Foxit is subject to the same
issue, though in a "less severe" manner. Not sure whether they have also a
fix.

FWIW, I've used Foxit, and I find it extremely invasive. It doesn't have an
installer, but when you run it for the first time it changes system
settings related to PDFs and there's no way (other than fiddling manually
with all of them in the registry) to revert that. I prefer programs that do
such things in an installer that can revert all that later.

"No installer required" is not always a good thing...

Gerhard

2007\10\10@173022 by alan smith

hmmm....I've been getting junk mail, with a pdf attached, now it makes sense why those were being sent.  Course I never opened one...just deleted as it came in since the subject was something that didn't make sense.

     