No JavaScript Needed For New Adobe Exploits 187
bl8n8r writes "More woes for Adobe as a security firm creates a proof-of-concept attack that injects malicious code as part of the update process. The user only needs to click a dialog box to execute the code and no JavaScript is needed to launch the exploit. The exploit affects Foxit as well as Adobe Acrobat software. This exploit is made possible through the host software allowing execution of system binaries. Not clear if it's multi-platform, but seems plausible."
Re:Linux is vulnerable too (Score:3, Interesting)
Solution (Score:3, Interesting)
It's not exactly the first time a method of using social engineering to trick people has been part of a standard. Altering the status bar in JavaScript in order to aid phishing attacks was one.
Google Docs (Score:2, Interesting)
Re:Code, meet data (Score:4, Interesting)
Because some genius thought that it was a great idea to put a launch command in the PDF spec.
Yes. That should formally be removed from the ISO standard.
I tried the proof of concept code in SumatraPDF, and it didn't work. But may be a bug in SumatraPDF; there's an error message about a sync file failure.
Re:Drop it like the disease it is (Score:3, Interesting)
As it’s apparently a standard PDF feature, giving it a shot to run whatever command line its author desires...
Yeah, it would affect anything that supported that feature.
Note that the clean pdf, after it is infected, pops up the window asking to run “firefox.exe sudosecure.net”. I’m not sure exactly how he did it, but note that there is a huge mass of text (judging from the scrollbar) above the “it’s okay, let me do this” message in the evil pdf. He’d have to somehow create a malicious binary and then execute it. One suspicion I have... a polyglot.
evil.txt:
Then...
Result: evil.pdf opens just fine in Acrobat Reader, but it has the injected code at the beginning, disguised as a comment.
No comment of whether it is specific to 32-bit or 64-bit versions of Windows... and why might that be significant, you ask? Because 64-bit versions of windows do not include DEBUG.EXE.
OT: Do non-Adobe PDF apps less vulnerable? (Score:3, Interesting)
Would switching to a non-Adobe PDF viewer make you safer? I understand this exploit affects Foxit, but there are many other exploits and PDF viewers (MacOS X's Preview, Ghostview/GSView, CutePDF, Nitro, etc.).
Usually the headline says the exploits are in Acrobat; and given Adobe's much larger installed base, they are a much more likely target; but perhaps the exploits are really in PDFs (or JavaScript) in general.
Re:Linux is vulnerable too (Score:1, Interesting)
In Ubuntu, root login is even disabled by default (you have to sudo).
The difference between root login and a non carefully restricted sudo setup (which is the default on Ubuntu installs), is virtually meaningless.