Featured Articles

Intel takes credit for three-way 4K gaming

Intel takes credit for three-way 4K gaming

All of a sudden Intel is talking about desktop gaming like there is no tomorrow and it is pushing it. The…

More...
Nvidia Shield Tablet 32GB 4G LTE out for pre orders

Nvidia Shield Tablet 32GB 4G LTE out for pre orders

Nvidia has finally revealed the shipping date of its Shield Tablet 32GB in 4G LTE flavour and in case you pre-order…

More...
Apple announces its Apple Watch

Apple announces its Apple Watch

Apple has finally unveiled its eagerly awaited smartwatch and surprisingly it has dropped the "i" from the brand, calling it simply…

More...
Skylake 14nm announced

Skylake 14nm announced

Kirk B. Skaugen, Senior Vice President General Manager, PC Client Group has showcased Skylake, Intel’s second generation 14nm architecture.

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Monday, 03 January 2011 14:37

More flaws found in Adobe's PDF

Written by Nick Farell
adobe_reader_logo

Insecurity expert warns
Insecurity researcher Julia Wolf of FireEye has found several previously unknown, security problems in connection with Adobe's PDF standard.

Speaking to the 27th Chaos Communication Congress  in Berlin,  Wolf said that a PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer. She said the format also has some other strange surprises, such it is possible to write PDFs which display different content in different operating systems, browsers or PDF readers.

Since many businesses use PDF as their standard file format for maintaining presentation consistency across different computer environments the standard has too many functions that can be exploited to launch attacks and wreak other havoc, Wolf says. Some of them range from database connections without security features to options that can blindly trigger the execution of arbitrary programs in Acrobat Reader.

According to Wolf, Adobe itself calls PDF a "container format" which may indeed hold a variety of things. For example, it is possible to integrate Flash files, which themselves offer many points of attack, as well as audio and video files.

Wolf said that there are so many places for hiding arbitrary data and code in a PDF. It is possible to generate very small PDF files which only execute JavaScript, and that certain objects can be referenced multiple times to trigger different responses when opening a file.

What makes matters worse is that most anti-virus programs are incapable of detecting malicious software in PDFs.


Nick Farell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments