Security

No JavaScript Needed For New Adobe Exploits 187

bl8n8r writes "More woes for Adobe as a security firm creates a proof-of-concept attack that injects malicious code as part of the update process. The user only needs to click a dialog box to execute the code and no JavaScript is needed to launch the exploit. The exploit affects Foxit as well as Adobe Acrobat software. This exploit is made possible through the host software allowing execution of system binaries. Not clear if it's multi-platform, but seems plausible."
This discussion has been archived. No new comments can be posted.

  • by headkase ( 533448 ) on Tuesday April 06, 2010 @11:57AM (#31749110)
    Runs with the same privileges as the parent program. So it can kill my home folder, not "rm -rf /". And like every other security hole found so far it will be written out. Considering they all get written out the fair comparison would be comparing number and severity of vulnerabilities by platform. If it can't boot after a vulnerability is exploited or you can't remove it within 30 minutes then have it count doubly so.
  • Solution (Score:3, Interesting)

    by abigsmurf ( 919188 ) on Tuesday April 06, 2010 @11:59AM (#31749152)
    Have the dialogue control specify that you are potentially allowing the PDF to alter other documents (maliciously or otherwise).

    It's not exactly the first time a method of using social engineering to trick people has been part of a standard. Altering the status bar in JavaScript in order to aid phishing attacks was one.
  • Google Docs (Score:2, Interesting)

    by areusche ( 1297613 ) on Tuesday April 06, 2010 @12:02PM (#31749212)
    Screw Adobe and other client-side PDF readers. Am I vulnerable if I use Google's PDF viewer to view PDFs?
  • Re:Code, meet data (Score:4, Interesting)

    by Animats ( 122034 ) on Tuesday April 06, 2010 @12:32PM (#31749676) Homepage

    Because some genius thought that it was a great idea to put a launch command in the PDF spec.

    Yes. That should formally be removed from the ISO standard.

    I tried the proof of concept code in SumatraPDF, and it didn't work. But it may be a bug in SumatraPDF; there's an error message about a sync file failure.

  • by clone53421 ( 1310749 ) on Tuesday April 06, 2010 @12:46PM (#31749900) Journal

    As it’s apparently a standard PDF feature, giving it a shot to run whatever command line its author desires...

    Yeah, it would affect anything that supported that feature.

    Note that the clean pdf, after it is infected, pops up the window asking to run “firefox.exe sudosecure.net”. I’m not sure exactly how he did it, but note that there is a huge mass of text (judging from the scrollbar) above the “it’s okay, let me do this” message in the evil pdf. He’d have to somehow create a malicious binary and then execute it. One suspicion I have... a polyglot.

    evil.txt:

    %bad stuff here... bla bla bla, execute me from the command prompt

    Then...

    copy /b evil.txt + clean.pdf evil.pdf

    Result: evil.pdf opens just fine in Acrobat Reader, but it has the injected code at the beginning, disguised as a comment.

    No comment of whether it is specific to 32-bit or 64-bit versions of Windows... and why might that be significant, you ask? Because 64-bit versions of Windows do not include DEBUG.EXE.
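
A defender-side triage check for the two traits discussed in this thread, a launch command inside the PDF and data prepended ahead of the PDF header, added here as an example; it is not part of any comment or of the proof of concept. The sample bytes, file names and function names are constructed for illustration, and the scan does not inflate compressed streams.

```python
import re

# Constructed sample: a minimal PDF fragment carrying a Launch action, with a
# '%'-comment line prepended before the header (the "copy /b" layout above).
SAMPLE = (
    b"%constructed filler line standing in for prepended data\r\n"
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Action /S /La#75nch\n"
    b"   /Win << /F (example.exe) /P (constructed-argument) >> >>\nendobj\n"
    b"%%EOF\n"
)
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"


def decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes, which PDF allows in names (/La#75nch == /Launch).
    Applied to the whole buffer, so it over-matches rather than under-matches."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> dict:
    """Report bytes found before the %PDF- header and any Launch actions."""
    header_at = data.find(b"%PDF-")          # -1 means no header at all
    norm = decode_names(data)
    launches = []
    for m in re.finditer(rb"/S\s*/Launch\b", norm):
        # Look a short distance ahead for the file the action would start.
        window = norm[m.end():m.end() + 512]
        target = re.search(rb"/F\s*\(([^)]*)\)", window)
        launches.append(target.group(1).decode("latin-1") if target else None)
    return {
        "header_offset": header_at,
        "prepended_bytes": header_at > 0,
        "launch_targets": launches,
    }


if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("clean", CLEAN)):
        print(label, triage_pdf(blob))
```

Either finding alone is a reason to quarantine a document for closer inspection; a file that has both matches the layout speculated about in the comment above.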

  • by guanxi ( 216397 ) on Tuesday April 06, 2010 @01:01PM (#31750102)

    Would switching to a non-Adobe PDF viewer make you safer? I understand this exploit affects Foxit, but there are many other exploits and PDF viewers (MacOS X's Preview, Ghostview/GSView, CutePDF, Nitro, etc.).

    Usually the headline says the exploits are in Acrobat; and given Adobe's much larger installed base, they are a much more likely target; but perhaps the exploits are really in PDFs (or JavaScript) in general.

  • by Anonymous Coward on Tuesday April 06, 2010 @01:46PM (#31750900)

    In Ubuntu, root login is even disabled by default (you have to sudo).

    The difference between root login and a non carefully restricted sudo setup (which is the default on Ubuntu installs), is virtually meaningless.
