Featured Articles

KitKat has more than a fifth of Android users

KitKat has more than a fifth of Android users

Android 4.4 is now running on more than a fifth of Android devices, according to Google’s latest figures.

More...
Nvidia introduces five new Quadro cards

Nvidia introduces five new Quadro cards

Nvidia has revamped its Quadro professional graphics line-up with a total of five new cards, two of which are based on…

More...
AMD Tonga XT graphics cards come later

AMD Tonga XT graphics cards come later

According to sources who wish to remain unnamed, we should see an AMD Tonga XT-based graphics card launched sometime in September.

More...
Nvidia Maxwell Geforce 800 comes in September

Nvidia Maxwell Geforce 800 comes in September

Nvidia was always cautious when talking about upcoming Maxwell parts, the first of which was launched back in March and based…

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Monday, 03 January 2011 14:37

More flaws found in Adobe's PDF

Written by Nick Farell
adobe_reader_logo

Insecurity expert warns
Insecurity researcher Julia Wolf of FireEye has found several previously unknown, security problems in connection with Adobe's PDF standard.

Speaking to the 27th Chaos Communication Congress  in Berlin,  Wolf said that a PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer. She said the format also has some other strange surprises, such it is possible to write PDFs which display different content in different operating systems, browsers or PDF readers.

Since many businesses use PDF as their standard file format for maintaining presentation consistency across different computer environments the standard has too many functions that can be exploited to launch attacks and wreak other havoc, Wolf says. Some of them range from database connections without security features to options that can blindly trigger the execution of arbitrary programs in Acrobat Reader.

According to Wolf, Adobe itself calls PDF a "container format" which may indeed hold a variety of things. For example, it is possible to integrate Flash files, which themselves offer many points of attack, as well as audio and video files.

Wolf said that there are so many places for hiding arbitrary data and code in a PDF. It is possible to generate very small PDF files which only execute JavaScript, and that certain objects can be referenced multiple times to trigger different responses when opening a file.

What makes matters worse is that most anti-virus programs are incapable of detecting malicious software in PDFs.


Nick Farell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments