Posted on Monday, January 03 2011 @ 20:55 CET by Thomas De Maesschalck
FUD Zilla
reports security expert Julia Wolf of FireEye has discovered several new security flaws in Adobe's PDF standard.
Speaking to the 27th Chaos Communication Congress in Berlin, Wolf said that a PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer. She said the format also has some other strange surprises, such it is possible to write PDFs which display different content in different operating systems, browsers or PDF readers.
Since many businesses use PDF as their standard file format for maintaining presentation consistency across different computer environments the standard has too many functions that can be exploited to launch attacks and wreak other havoc, Wolf says. Some of them range from database connections without security features to options that can blindly trigger the execution of arbitrary programs in Acrobat Reader.
