Canadian Wellsite

Oiltalk

Oiltalk > General Information > Tech Support > Hackers Further Exploit PDF Vulnerability Ahead of Patch

Forum Quick Jump

[ << Previous Thread | Show Newest Post First ]

Forum Administrator
Forum Moderator

Date Joined Mar 2006
Total Posts : -56

Posted 1/8/2010 9:00 AM (GMT -7)

Non-fans of the PDF file format now have one more reason to harbor negative feelings towards it. Hackers have found another way to exploit a vulnerability on a rather large scale, and it's supposed to be five more days before Adobe puts a fix in place.

Jessa De La Torre, a threat response engineer at Trend Micro, explained the latest danger in a blog post, writing, "The sample (detected by Trend Micro as TROJ_PIDIEF.WIA) uses the heap spray technique to execute shellcode in its stream. As a result, a malicious file detected as BKDR_POISON.UC is dropped into the system."

De La Torre then continued, "When executed, BKDR_POISON.UC opens an instance of Internet Explorer and connects to a remote site, cecon.{BLOCKED}-show.org. Once connected, a malicious user may execute any command on the affected system."

And Adobe's announced that it won't provide a patch until Tuesday, January 12th.

Of course, standard be-careful-what-you-click-on practices will go a long way toward keeping people safe from this threat.

Individuals can do something else to protect themselves while Adobe readies its solution, too: users of Adobe Reader or Acrobat have the option of either utilizing the javascript Blacklist Framework, or manually disabling javascript if that seems easier.

Also, one other positive, semi-related story is that Adobe's working on a new update utility designed to automatically apply patches.

Maybe PDF's critics will find a little less to get upset about in the future, then.

www.SecurityProNews.com

Forum Information

Currently it is Monday, February 18, 2019 2:13 AM (GMT -7)
There are a total of 3,614 posts in 504 threads.
In the last 3 days there were 0 new threads and 0 reply posts. View Active Threads