• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

PDF "/Launch" Social Engineering Attack

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.
redduc900

redduc900

Inactive Moderator
Joined
Dec 17, 2000
Location
Portland, OR
It seems some sites are exploiting an insecure default setting in Adobe Reader. Instructions for fixing Adobe Reader are here (note you must do it for every user account on the machine)...

http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html

Zeus botnet exploits unpatched PDF flaw
http://www.computerworld.com/s/article/9175612/Zeus_botnet_exploits_unpatched_PDF_flaw

Adobe said:
As we investigate this, users can use the following method to further mitigate against this risk. For consumers, open up the Preferences panel and click on "Trust Manager" in the left pane. Clear the check box "Allow opening of non-PDF file attachments with external applications"
Click to expand...

... or use an alternative like Foxit Reader.

Edit: Apparently Foxit Reader has the same flaw w/ any software revision older than the current version 3.2.0.0303

Authorization Bypass When Executing An Embedded Executable.

SUMMARY

Fixed a security issue that Foxit Reader runs an executable embedded program inside a PDF automatically without asking for user’s permission.
http://www.foxitsoftware.com/pdf/reader/security.htm#0401
 
Last edited:
Thanks redduc. Everyone should move away from Adobe Reader completely. Bloated and unnecessary, +1 for FoxIT.
 
You must log in or register to reply here.

Similar threads

c627627
Zero-day exploit for Adobe Reader, Flash now in the wild
2
Replies
38
Views
2K
c627627
c627627
Back