
New year brings new PDF vulnerabilities

January 07, 2010


While the world was ringing in the New Year, hackers were creating new ways to exploit unpatched vulnerabilities in PDF documents, according to Internet Storm researcher Bojan Zdrnja.

In a blog post this week, Zdrnja detailed a new JavaScript exploit that can be hidden in PDF files and that takes advantage of a widely documented PDF vulnerability. The post describes Zdrnja's tests on a suspicious PDF document sent in by one of the blog's readers. In his analysis, Zdrnja noted that the document was exploiting the CVE-2009-4324 doc.media.newPlayer vulnerability.

Zdrnja states, "This can easily be seen in the included JavaScript in the PDF document," even though detection rates were horrible: only 6 out of the 40 anti-virus vendors he submitted the file to detected it.

In his blog post, Zdrnja noted that the malicious PDF document contains "everything it needs to fully exploit the victim's machine -- it does not have to download anything off the Net." Later in the post he states, "If we are to judge the new year by the sophistication the attackers started using, it does not look too good."

In late December, McAfee also released its Threat Predictions report, which can be downloaded in full here, and predicted that Adobe's products will be increasingly targeted by cybercriminals because their usage is so widespread. In its report, McAfee Labs also asserted that exploitation of Adobe's products has the capacity to surpass that of MS Office programs in 2010.

In a section titled, "Malware Writers Love Adobe, Microsoft Products," the report states:

In 2009 McAfee Labs saw an increase in attacks targeting client software. The favorite vector among attackers is Adobe products, primarily Flash and Acrobat Reader. Using "heap spray-like" and other exploitation techniques, malware writers have turned Adobe apps into a hot target. Further, Flash and Reader are among the most widely deployed applications in the world, which provides a higher return on investment to cybercriminals. Based on the current trends, we expect that in 2010 Adobe product exploitation is likely to surpass that of Microsoft Office applications in the number of desktop PCs being attacked.

For its part, Adobe's director of product security and privacy, Brad Arkin, in a blog post published in mid-December, listed January 12th as the target ship date for the update "to remediate vulnerability CVE-2009-4324." The full blog post can be found here.
