Featured Articles

Analysts expect ARM to do well next year

Analysts expect ARM to do well next year

British chip designer ARM could cash in on the mobile industry's rush to transition to 64-bit operating systems and hardware.

More...
Huawei and Xiaomi outpace Lenovo, LG in smartphone market

Huawei and Xiaomi outpace Lenovo, LG in smartphone market

Samsung has lost smartphone market share, ending the quarter on a low note and Xiaomi appears to be the big winner.

More...
Intel Broadwell 15W coming to CES

Intel Broadwell 15W coming to CES

It looks like Intel will be showing off its 14nm processors, codenames Broadwell, in a couple of weeks at CES 2015.

More...
Gainward GTX 980 Phantom reviewed

Gainward GTX 980 Phantom reviewed

Today we’ll be taking a closer look at the recently introduced Gainward GTX 980 4GB with the company’s trademark Phantom cooler.

More...
Zotac ZBOX Sphere OI520 barebones vs Sphere Plus review

Zotac ZBOX Sphere OI520 barebones vs Sphere Plus review

Zotac has been in the nettop and mini-PC space for more than four years now and it has managed to carve…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Monday, 03 January 2011 14:37

More flaws found in Adobe's PDF

Written by Nick Farell
adobe_reader_logo

Insecurity expert warns
Insecurity researcher Julia Wolf of FireEye has found several previously unknown, security problems in connection with Adobe's PDF standard.

Speaking to the 27th Chaos Communication Congress  in Berlin,  Wolf said that a PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer. She said the format also has some other strange surprises, such it is possible to write PDFs which display different content in different operating systems, browsers or PDF readers.

Since many businesses use PDF as their standard file format for maintaining presentation consistency across different computer environments the standard has too many functions that can be exploited to launch attacks and wreak other havoc, Wolf says. Some of them range from database connections without security features to options that can blindly trigger the execution of arbitrary programs in Acrobat Reader.

According to Wolf, Adobe itself calls PDF a "container format" which may indeed hold a variety of things. For example, it is possible to integrate Flash files, which themselves offer many points of attack, as well as audio and video files.

Wolf said that there are so many places for hiding arbitrary data and code in a PDF. It is possible to generate very small PDF files which only execute JavaScript, and that certain objects can be referenced multiple times to trigger different responses when opening a file.

What makes matters worse is that most anti-virus programs are incapable of detecting malicious software in PDFs.


Nick Farell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments