Adobe Reader Vulnerability Exploited By Botnet

Golden Master
Adobe Reader Vulnerability Exploited By Botnet

Security issues with Adobe products seem to be in the news quite frequently in the last months. No week passes by with yet another report about a security vulnerability or update of one of the popular Adobe software programs. Recently an Adobe Reader vulnerability was discovered that allows attackers to execute code on a target machine. This is done by specifically preparing a PDF with an executable embedded in the code. To be fair, this vulnerability did not only affect Adobe Reader but also tools from third-party developers like Foxit.
Zeus Botnet Jumps On PDF Design Flaw

ZDNet says that attackers have already begun exploiting the Adobe flaw that was discovered last week.

M86 said the email includes a PDF, which in turn contains an attachment that appears to be another PDF file. "This attachment is actually an executable file and, if run, will install the Zeus bot," M86 said in an advisory. The executable targets Windows systems. The attack uses the Launch action built into the PDF specification as a feature.
Adobe offers workaround for PDF risk

Adobe has provided a workaround for an issue in its Reader and Acrobat software that could let PDFs be used to spread malicious software.
In March, security researchers discovered a feature in the software could be used to trick people into running an embedded executable program in a PDF. Malicious software could be installed on the victim's PC without an attacker exploiting any vulnerability on the system.
On Tuesday, Adobe product manager Steve Gottwals outlined the workaround in a blog post. Sysadmins can alter a registry setting on Windows, or grey out a PDF preference, to stop users turning on the /Launch capability, which is the exploitable feature, he said.
In addition, Adobe is evaluating the best way to allow admins and users to mitigate the problem. This could be pushed out in a product update, according to Gottwals.
"We are currently researching the best approach for this functionality in Adobe Reader and Acrobat, which we could conceivably make available during one of the regularly scheduled quarterly product updates," said Gottwals.
The PDF hack was made public by security researcher Didier Stevens. Stevens showed how an attacker could use the launch function triggered by opening a PDF. While Adobe Reader launches a dialog box to ask for user approval to run the executable, the message in the dialog box can be manipulated to look like an innocuous message and so fool users into starting the program, wrote Stevens in a blog post.
The proof-of-concept attack demonstrated by Stevens also works with Foxit Reader, an alternative to Adobe Reader. However, Foxit does not pop up the dialog box.

Adobe offers workaround for PDF risk | Security Threats | ZDNet UK
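
A defender-side check for the /Launch feature discussed in this thread, as an added example that is not part of the original post or the quoted articles: a Python triage function for mail attachments that counts PDF names in the raw bytes and decodes `#xx` name escapes, so `/L#61unch` is recognised as `/Launch`. The watched-name list, the verdict strings and the sample bytes are assumptions constructed for illustration.

```python
import re

# A PDF name is "/" followed by regular characters. "#xx" hex escapes are legal
# inside names, so /L#61unch is the same name as /Launch.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\x0c\r ()<>\[\]{}/%#])+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Names worth a second look when triaging an attachment (illustrative choice).
WATCHED = ("Launch", "EmbeddedFile", "OpenAction", "AA", "ObjStm")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so obfuscated names compare equal to plain ones."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def count_names(pdf: bytes) -> dict:
    """Count watched names in the raw bytes of a PDF (streams are not decompressed)."""
    counts = dict.fromkeys(WATCHED, 0)
    for match in NAME_RE.finditer(pdf):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def triage(pdf: bytes) -> str:
    """Return a verdict string for a mail gateway or an analyst queue."""
    c = count_names(pdf)
    if c["Launch"]:
        return "block: /Launch action present"
    if c["ObjStm"]:
        # Objects packed in compressed object streams are invisible to a raw scan.
        return "review: object streams may hide actions from a raw scan"
    if c["EmbeddedFile"] and (c["OpenAction"] or c["AA"]):
        return "review: embedded file plus automatic action"
    return "pass"


# Constructed samples: inert fragments, just enough structure to exercise the scanner.
SAMPLE_LAUNCH = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                 b"2 0 obj\n<< /Type /Action /S /L#61unch >>\nendobj\n")
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, data in (("launch", SAMPLE_LAUNCH), ("clean", SAMPLE_CLEAN)):
        print(label, count_names(data), triage(data))
```

A raw-byte scan like this is a first-pass filter only: a "pass" on a file that uses compressed object streams or encryption says nothing about what is inside them, which is why `/ObjStm` is routed to review rather than passed.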