Flaw leaves Adobe Acrobat Reader open to attack

05.01.2007 | 16:39
Security experts are warning of a vulnerability in Acrobat Reader that lets a cyber attacker add malicious code to Web content, using a Web site or e-mail message that links to a PDF on a trusted site. In addition to linking to the PDF document, the attacker could add JavaScript that executes when a user clicks on the link and the document is opened in the PDF reader.

Computer security researchers said Wednesday they have discovered a vulnerability in Adobe's ubiquitous Acrobat Reader software that allows cyber intruders to attack personal computers through trusted Web links.

Virtually any Web site hosting PDF files is vulnerable to attack, according to researchers from Symantec and VeriSign's iDefense Intelligence.

The attacks could range from stealing cookies that track a user's Web browsing history to the creation of harmful worms, the researchers said.

The flaw, first revealed at a hacker conference in Germany over the holidays, exists in a plug-in that enables Acrobat users to view PDF files within Web browsers.

By manipulating the Web links to those documents, hackers and online thieves are able to commandeer the Acrobat software and run malicious code when users attempt to open the files, according to Ken Dunham, director of the rapid response team at iDefense Intelligence.

Dunham gave this hypothetical scenario: an attacker finds a PDF file on a banking Web site. The attacker creates a hostile Web site that links to the bank's PDF file. Included is malicious JavaScript code that will run on the unsuspecting user's computer once the link is clicked.

‘PDF is trusted and tried and true - everyone uses it,’ Dunham said. ‘But instead of just viewing the file, you've initiated script that shouldn't be executed. All you have to do is click on the PDF and the ball starts rolling.’

The flaw appears to target Microsoft's Internet Explorer 6.0 Web browser and earlier versions, and Mozilla's Firefox browser, the researchers said.

They recommended that users protect themselves by upgrading Internet Explorer or changing Firefox's user options so the browser does not use the Acrobat plug-in.

Researchers said it's unclear how pervasive or harmful any future attacks might be.

‘Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved,’ a Symantec researcher said in a posting on a company Web log.
Adobe Acrobat Reader
Source TechNewsWorld

Comments (0)
Leave comment:CaptchaRefresh verification code