Post: two vulnerabilities in PDF

Source: Internet
Author: User
Recently, British security researcher David Kierznowski discovered a vulnerability in the Adobe PDF file format. Hackers can abuse legitimate features of the PDF file format to embed malicious code that opens a backdoor on the targeted computer.

Kierznowski found two major vulnerabilities in PDF and produced a demo PDF file. The first vulnerability appears to be serious: the eWeek website confirmed it on an Adobe Reader installation with all security patches applied. When creating a PDF file, hackers can directly add a hyperlink with malicious code; when this malicious PDF file is opened on the user's machine, the browser of the target machine automatically loads the malicious hyperlink in the PDF file. What happens next should be clear to everyone. The demo PDF file of this vulnerability can be downloaded here.

The second demo file produced by Kierznowski demonstrates an attack through Adobe Systems' ADBC (Adobe Database Connectivity) and Web services. Kierznowski said the vulnerability can still be exploited in an Adobe Professional version with all security patches applied. The demo PDF file of this vulnerability can be downloaded here.

"The second type of attack is to access the Windows Local ODBC data source, enumerate available databases, and then send the information to localhost through the web service. This attack can be extended to actual database queries. Imagine what a hacker will do to access the database on your machine through your web browser," Kierznowski said.

Kierznowski claims that at least seven points in PDF files can be exploited by hackers. He reminds everyone that Adobe Acrobat supports "HTML tables" and "file system access".

A spokesman for Adobe said the company is aware of Kierznowski's discovery and is actively investigating the issue.
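A triage check for the two behaviours described above, added here as an example (it is not code from the original article, from Kierznowski, or from Adobe): it looks for PDF actions that fire without a click and for the Acrobat JavaScript `ADBC` and `SOAP` objects, including inside Flate-compressed streams and behind hex-escaped names. The function name, result fields and sample fragments are assumptions constructed for illustration.

```python
import re
import zlib

REGULAR = rb"[^\s()<>\[\]{}/%]"                 # characters allowed inside a PDF name
NAME = re.compile(rb"/" + REGULAR + rb"+")
RISKY = re.compile(rb"/(OpenAction|AA|URI|JavaScript|JS|Launch|SubmitForm)(?!" + REGULAR + rb")")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
AUTO = {"OpenAction", "AA"}                     # fire on open / on page or field events
SCRIPT_OBJECTS = (b"ADBC.", b"SOAP.")           # Acrobat JavaScript database and web-service objects


def _unescape(match):
    """Undo #xx hex escapes so /Open#41ction is compared as /OpenAction."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda h: bytes([int(h.group(1), 16)]), match.group(0))


def triage_pdf(data: bytes) -> dict:
    """Report auto-run and outbound-action names in raw or Flate-compressed PDF bytes."""
    bodies = [data]
    for m in STREAM.finditer(data):
        try:
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass                                # other filter or encrypted: left unscanned
    text = b"\n".join(NAME.sub(_unescape, body) for body in bodies)
    names = {m.group(1).decode() for m in RISKY.finditer(text)}
    scripts = sorted(s.decode() for s in SCRIPT_OBJECTS if s in text)
    # An ordinary clickable link carries /URI too; the concern is an action that fires unprompted.
    flag = bool(names & AUTO) and bool(names - AUTO or scripts)
    return {"names": sorted(names), "script_objects": scripts, "flag": flag}


# Constructed fragments for illustration; none is a complete PDF file.
CLICK_LINK = b"1 0 obj << /Subtype /Link /A << /S /URI /URI (http://example.invalid/) >> >> endobj"
AUTO_LINK = b"1 0 obj << /Type /Catalog /Open#41ction << /S /URI /URI (http://example.invalid/) >> >> endobj"
AUTO_SCRIPT = (b"1 0 obj << /OpenAction 2 0 R >> endobj\n"
               b"2 0 obj << /S /JavaScript /JS 3 0 R >> endobj\n"
               b"3 0 obj << /Filter /FlateDecode >>\nstream\n"
               + zlib.compress(b"ADBC.getDataSourceList();") + b"\nendstream endobj")

if __name__ == "__main__":
    for label, sample in [("click", CLICK_LINK), ("auto-link", AUTO_LINK), ("auto-script", AUTO_SCRIPT)]:
        print(label, triage_pdf(sample))
```

A flagged file is a candidate for quarantine or for opening in a viewer with JavaScript disabled; an unflagged file has only passed this name-level check, since streams under other filters or encryption are not inspected.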
