PDF Vulnerability Now Exploitable With No Clicking

Malcontent · Mar 5, 2009

http://it.slashdot.org/article.pl?sid=09/03/05/1328244

"With Adobe's patch for the current PDF vulnerability still some time away, news has emerged of more techniques that are available to exploit the vulnerability, this time without needing the victim to actually open a malicious file. Instead, the methods make use of a Windows Explorer Shell Extension that is installed alongside Adobe Reader, and which will trigger the exploitable code when the file is interacted with in Windows Explorer. Methods have been demonstrated of successful exploitation with a single click, with thumbnail view, and with merely hovering the mouse cursor over the affected file. There are many ways that exploits targeting the JBIG2 vulnerability could be hidden inside a PDF file, and it seems that the reliability of detection for these varying methods is spotty, at best."
Click to expand...

XDD · Mar 17, 2009

nice

elapsed · Mar 17, 2009

XDD said:

nice
Click to expand...

As far as I know it was fixed in 9.1

Mrkvonic · Mar 18, 2009

You do need to click, though. You need to open a browser, go to a site, click on the file and download it. It's four steps before it gets to see the Windows Explorer. And it's at least 3 clicks before the file is stored locally.

And only works for Adobe Reader with Windows ...

Mrk

Log in or Sign up

PDF Vulnerability Now Exploitable With No Clicking

Malcontent Registered Member

XDD Registered Member

elapsed Registered Member

Mrkvonic Linux Systems Expert

Log in or Sign up

PDF Vulnerability Now Exploitable With No Clicking

Malcontent Registered Member

XDD Registered Member

elapsed Registered Member

Mrkvonic Linux Systems Expert

Useful Searches