Backdoor discovered in Adobe PDFs

Posted on Monday, Sep 18 2006 @ 01:15 CEST by Thomas De Maesschalck
A British security researcher found a way to manipulate legitimate features of Adobe PDF files to open backdoors for computer attacks.
David Kierznowski, a penetration testing expert specializing in Web application testing, has released proof-of-concept code and rigged PDF files to demonstrate how the Adobe Reader program could be used to launch attacks without any user action.

"I do not really consider these attacks as vulnerabilities within Adobe. It is more exploiting features supported by the product that were never designed for this," Kierznowski said in an e-mail interview with eWEEK.

The first back door (PDF), which eWEEK confirmed on a fully patched version of Adobe Reader, involves adding a malicious link to a PDF file. Once the document is opened, the target's browser is automatically launched and loads the embedded link..
More details over at eWeek.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments