TweakTown
Tech content trusted by users in North America and around the world
6,213 Reviews & Articles | 40,212 News Posts

PDF file format found to be a vector for attack

No need to use Javascipt anymore

| Hacking & Security News | Posted: Apr 6, 2010 2:10 am

We have all heard about how Adobe's Acrobat Reader and Flash browser plug-ins are vulnerable to exploits. But did you know that the actual file format specification for all PDFs is also a vector for attack?

 

The ISO standard for PDFs (ISO PDF 32000-1:2008) details the functionality that is present in the file format and outlines the launch command. This launch specification can allow malicious coders to imbed scripted commands that can infect even a clean PDF. There is no need to exploit javascript or another zero-day exploit. As the code executes in the PDF the user will be presented with a dialog box asking if he or she wants to run the code. A clever attacker can design the dialog to entice the user into thinking they need to click this. This is a proven technique used by many "scare-ware" vendors. They fool the user into thinking they are infected with a virus and by clicking on a button it will clean it off for them.
Both Adobe and Foxit are working ways to correct the issue or at least provide additional user warnings about the danger of opening unknown PDFs.

 

 

NEWS SOURCES:News.cnet.com

Related Tags

Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.

Do you get our news RSS feed? Get It!

Got an opinion on this news? Post a comment below!

Latest News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases