Adobe Reader, PDF Attack
March 2009
No user action required in newly discovered PDF attack. Merely storing, without opening, a malicious PDF file can trigger an attack that exploits the new, unpatched zero-day flaw in Adobe Reader, a researcher has discovered. A researcher and IT security consultant with Contrast Europe NV on March 9 released a proof-of-concept demonstration that shows how a file infected with the Adobe flaw can trigger a new attack when the machine uses Windows Indexing Services. And the user does not even have to open or select the document. In addition, the researcher last week released a proof-of-concept demonstrating how PDF files could be exploited with minimal user interaction, just saving it to the hard drive and viewing it in Windows Explorer. But this latest attack vector is more risky, he says, because the user does not have to do anything with the file at all. “It requires no user interaction, and for the Windows Indexing Service, it can lead to total system compromise [with] privilege escalation,” the researcher says.
No user action required in newly discovered PDF attack. Merely storing, without opening, a malicious PDF file can trigger an attack that exploits the new, unpatched zero-day flaw in Adobe Reader, a researcher has discovered. A researcher and IT security consultant with Contrast Europe NV on March 9 released a proof-of-concept demonstration that shows how a file infected with the Adobe flaw can trigger a new attack when the machine uses Windows Indexing Services. And the user does not even have to open or select the document. In addition, the researcher last week released a proof-of-concept demonstrating how PDF files could be exploited with minimal user interaction, just saving it to the hard drive and viewing it in Windows Explorer. But this latest attack vector is more risky, he says, because the user does not have to do anything with the file at all. “It requires no user interaction, and for the Windows Indexing Service, it can lead to total system compromise [with] privilege escalation,” the researcher says.
posted by arkietechs at 9:14 AM
0 Comments:
Post a Comment
<< Home