PDF Exploit

 
|

PDF Exploit

Last month, InternetNews.com reported that a white hat programmer had discovered a particularly nasty exploit in Adobe’s PDF format, and that Adobe was in the process of fixing it.


According to a posting on Symantec’s Security Response blog, the spam contains subject lines like “invoice,” “statement” or “bill.” The attached PDF file will have names like INVOICE.pdf, YOUR_BILL.pdf, BILL.pdf and STATEMET.pdf.

If you try to open these files with an unpatched Acrobat Reader or Internet Explorer 7, the application will crash, your firewall is disabled and a pair of rootkits are installed on your computer. The malicious code then installs Trojans to steal financial information, like bank account information.

Adobe fixed the flaw Monday and released Acrobat Reader 8.1.1, and the company is working to fix the 7.0.x version as well. But the exploit is actually in Internet Explorer 7, it’s just that Reader didn’t properly sanitize how URLs are passed from the Internet to the Windows ShellExecute function. The patch now checks to make sure the link being passed doesn’t contain any dangerous code.

[InternetNews , Read more... ]

Tags: , , , ,

Post a Comment

AMD Tri-Core »
« Gauri Negre


Entertainment Directory of Entertainment Blogs Blog Directory Scouter for YouTube Widescreen, in format de 16/9 ; Facts and Myths about Power Supply - PC ; American Music Awards 2008 - The Winners Today.com Entertainment Blogs
TopOfBlogs blog search directory Add to Technorati Favorites Blogverzeichnis - Blog Verzeichnis bloggerei.de Entertainment blogs Bloggers and Blogging Blogs - BlogCatalog Blog Directory Entertainment Blogs - Blog Top Sites
Blog DigNow.org The House Of Blogs, directorio de blogs BlogESfera Directorio de Blogs Hispanos - Agrega tu Blog BlogRankers.com Blog Directory & Search engine directorio web blogarama - the blog directory
blog directory PodNova Listed in LS Blogs the Blog Directory and Blog Search Engine