Adobe PDF format riddled with exploitable features
Posted on 03 January 2011.
Adobe's PDF format and standard has been known for a while now to be easily exploitable and, thus, rather insecure. In the past, attackers have taken advantage not only of its vulnerabilities, but of its features as well. And as Adobe has recently announced a sandbox for Adobe Reader, some experts wonder if it's enough.

As Julia Wolf, a researcher with security company FireEye, pointed out at the 27th Chaos Communication Congress in Berlin - the current PDF standard is riddled with functions that can be misused in various ways.

According to her, a PDF file can have a database scanner embedded in it which is rigged to start scanning as soon as the file is printed on a network printer. It can also be made to display completely different content depending on the OS, browser, PDF reader software or language settings used on the computer.

What's more, some of its functions can be used to set off arbitrary code execution. The fact that the standard supports many insecure formats (XML), technologies (RFID tags) and script languages (JavaScript) only adds to its weak security.

According to The H Security she also mentioned that, interestingly enough, Adobe calls the the PDF format a "container format". And, indeed, it can contain many things - from audio and video to Flash files, which can, in their turn, be exploited by the attackers.

But, one of the biggest problems regarding the exploitation of this feature is that most anti-malware solutions fail to detect this embedded malicious software, and the detection rate is poorer still if the malicious code is compressed.

All in all, the sandboxing feature will be a welcome addition to the new version of Adobe Reader. Whether it will solve the problems she described, it remains to be seen.






Spotlight

Chrome extension thwarts user profiling based on typing behavior

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Wed, Jul 29th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //