9/15/2006

Hacker Discovers Adobe PDF Back Doors

Filed under: — By Aviran Mordo @ 10:13 pm

A British security researcher has figured out a way to manipulate legitimate features in Adobe PDF files to open back doors for computer attacks.

David Kierznowski, a penetration testing expert specializing in Web application testing, has released proof-of-concept code and rigged PDF files to demonstrate how the Adobe Reader program could be used to launch attacks without any user action.

“I do not really consider these attacks as vulnerabilities within Adobe. It is more exploiting features supported by the product that were never designed for this,” Kierznowski said in an e-mail interview with eWEEK.

The first back door (PDF), which eWEEK confirmed on a fully patched version of Adobe Reader, involves adding a malicious link to a PDF file. Once the document is opened, the target’s browser is automatically launched and loads the embedded link.

“At this point, it is obvious that any malicious code [can] be launched,” Kierznowski said.

Source: eWeek

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress