Recently, British security researcher David Kierznowski discovered a vulnerability in the Adobe PDF file format. Hackers can exploit legitimate functions of the PDF file format to implant malicious code in a file and open a backdoor on the targeted computer.
Kierznowski found two major vulnerabilities in PDF and produced a demo PDF file. The first vulnerability appears to be serious: the eWeek website confirmed it on an Adobe Reader installation with all security patches applied. Hackers can directly add a hyperlink with malicious code when creating a PDF file; when this malicious PDF file is opened on the user's machine, the browser of the target machine automatically loads the malicious hyperlink in the PDF file. The rest of the work must be clear to everyone. The demo PDF file of this vulnerability can be downloaded here.
The second demo file produced by Kierznowski demonstrates an attack through Adobe Systems' ADBC (Adobe Database Connectivity) and Web services. Kierznowski said the vulnerability can still be exploited in a version of Adobe Professional with all security patches applied. The demo PDF file of this vulnerability can be downloaded here.
"The second type of attack is to access the Windows Local ODBC data source, enumerate available databases, and then send the information to localhost through the web service. This attack can be extended to actual database queries. Imagine what a hacker will do to access the database on your machine through your web browser," Kierznowski said.
Kierznowski claims that at least seven points in the PDF file format can be exploited by hackers. He reminds everyone that Adobe Acrobat supports "HTML tables" and "file system access".
A spokesman for Adobe said the company is aware of Kierznowski's findings and is actively investigating the issue.
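
For triage of incoming PDFs, the following added example (not code from the researcher, eWeek or Adobe) counts the standard PDF keys and Acrobat JavaScript objects that correspond to the two behaviours reported above: acting when the document is opened, and reaching a URL, the ADBC database interface or web services. The key list, the function names and the sample fragments are assumptions made for illustration; the article does not say which features the demo files use.

```python
import re
import zlib

# Standard PDF keys and Acrobat JavaScript objects tied to the behaviours described
# above. Which ones the demo files use is not stated; this list is an assumption.
NAME_KEYS = [b"OpenAction", b"AA", b"URI", b"Launch", b"JavaScript", b"JS"]
JS_OBJECTS = [b"ADBC.", b"SOAP."]

def _inflate_streams(data):
    """Return the contents of streams that inflate as zlib (FlateDecode) data."""
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.S):
        try:
            # decompressobj tolerates the end-of-line bytes left before "endstream"
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # another filter or not compressed; already covered by the raw scan
    return out

def triage_pdf(data):
    """Count active-content indicators in raw PDF bytes plus inflated streams."""
    haystack = b"\n".join([data] + _inflate_streams(data))
    # Undo #xx escapes in names (/Open#41ction), which otherwise hide a key
    haystack = re.sub(rb"#([0-9A-Fa-f]{2})",
                      lambda m: bytes([int(m.group(1), 16)]), haystack)
    hits = {}
    for key in NAME_KEYS:
        n = len(re.findall(rb"/" + key + rb"(?![A-Za-z0-9])", haystack))
        if n:
            hits["/" + key.decode()] = n
    for obj in JS_OBJECTS:
        if haystack.count(obj):
            hits[obj.decode()] = haystack.count(obj)
    return hits

def acts_on_open(hits):
    """True when a file both triggers on open and reaches a URL, script or data API."""
    auto = "/OpenAction" in hits or "/AA" in hits
    reach = {"/URI", "/Launch", "/JS", "/JavaScript", "ADBC.", "SOAP."} & set(hits)
    return auto and bool(reach)

# Constructed fragments for illustration: not complete PDFs, not the demo files.
SAMPLE_LINK = (b"1 0 obj << /Type /Catalog /Open#41ction "
               b"<< /S /URI /URI (http://example.invalid/) >> >> endobj")
SAMPLE_ADBC = (b"1 0 obj << /OpenAction << /S /JavaScript /JS 2 0 R >> >> endobj\n"
               b"2 0 obj << /Filter /FlateDecode >>\nstream\n"
               + zlib.compress(b"var names = ADBC.getDataSourceList();")
               + b"\nendstream endobj")
SAMPLE_PLAIN = b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj"
```

Tokens inside object streams that use other filters, or inside encrypted documents, are not visible to this scan, so an empty result is not proof that a file is inert.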