PDF Security IssueBy Gosia Grabowska
Here is a little warning for all you Adobe Reader users.
This security problem was first discovered in late December at the Chaos Computer Club conference in Germany.
However, it was recently discovered that if the link points to a PDF on a local computer this is much worse than an attack from a remote zone, such as a website. The malicious link has to point to a PDF file that already exists on the Web, or on the PC.
And this is fairly easy to do as the Acrobat Reader comes with a demo file that is installed to a default location. The script code may be used to read or delete files, execute programs, or even send contents to the attacker.
Adobe is aware of this problem but did not verify this issue yet, and they are still evaluating all possible scenarios.
In order to protect yourself from this threat, you have to upgrade your Adobe Reader to it’s latest version that was released last month. Adobe is also working on updates to previous versions of Adobe Reader and they should be released soon.
About the Author
Gosia Grabowska (MCTS Active Directory, MCTS Vista, Network+, Linux+, Project+, PMP) is an experienced Network Support Specialist and an expert in Windows Server support. She graduated from DePaul University, Chicago with a Bachelor degree in Network Technologies with highest honors. Gosia has over 8 years of technical and support experience and has worked as Systems Administrator for a high profile law firm, where she managed the Backup and Disaster Recovery plan. Gosia has been a part of the Train Signal team since 2006 as the Product Manager and has written many articles on a variety of topics, including Exchange Server 2007, Windows Vista, Small Business Server, and more.
- Vista Security
- IE 7 Fails Its First Security Test
- Adobe Goes To Mars
- Office 2007 System Code Released to Manufacturing
- Creating a Site to Site VPN (Part 1)
- Offline file caching in Longhorn Server
- New Windows Vista Exam
- An Overview of Link Local Multicast Name Resolution
- With Vista Clock Ticking, Timing Is Everything
- PDF and XPS: When Acronyms Compete