Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

9/26/2008
02:01 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Adobe PDF Reader Vulnerable, U.S. CERT Warns

The government's standard precautionary advice: Don't open files from sources you don't trust, and keep your antivirus software and patches up to date.

U.S. CERT on Thursday warned that new attack kits for exploiting vulnerabilities in Adobe's PDF-reading software are circulating on the Internet.

Secure Computing's Anti-Malware Research Labs has published a screenshot of one such Web-based attack kit, called "PDF Xploit Pack."

"This new toolkit targets only PDFs, no other exploits are used to leverage vulnerabilities," a Secure Computing blog post explains. "Typical functions like caching the already infected users are deployed by this toolkit on the sever-side. Whenever a malicious PDF exploit is successfully delivered, the victim’s IP address is remembered for a certain period of time. During this 'ban time' the exploit is not delivered to that IP again, which is another burden for incident handling."

Adobe has patched 17 security vulnerabilities in the Windows version of its Reader 8 software so far this year, in four separate patches. The Macintosh version of Reader 8 has been patched 16 times in three patches to date this year.

Ian Amit, director of security research at Aladdin Knowledge Systems, attributes the rise in PDF exploits to the revival of the Neosploit toolkit, according to a report in Computerworld.

Secure Computing says that other exploit toolkits, like "El Fiesta," have also been enhanced to take advantage of PDF vulnerabilities.

Another security company, Finjan, released a report earlier this week that examined the rising sophistication of obfuscated malicious code -- code written to be difficult to read and detect. The report notes that PDF files make an appealing delivery mechanism for malicious code because they allow JavaScript code to be embedded for the purpose of PDF file customization and manipulation.

"During our research, we noticed an increase in the amount of PDF files containing malicious code," the Finjan report explains. "Obviously, crimeware authors became aware of this new capability for distributing malicious code and took the necessary steps to protect their 'bread- and- butter' from being detected by security vendors."

U.S. CERT offers the standard precautionary advice: Don't open files from sources you don't trust, and keep your antivirus software and patches up to date.

Keeping one's antivirus software up to date, while advisable, may not be particularly effective. The Finjan report says that company researchers submitted a PDF with obfuscated malicious code to Virus Total, a service that analyzes whether submitted malware is detectable by various antivirus engines. It found that only 10% of the antivirus engines in its test suite recognized the file as malicious.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4396
PUBLISHED: 2020-08-04
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1...
CVE-2020-4410
PUBLISHED: 2020-08-04
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539.
CVE-2020-4459
PUBLISHED: 2020-08-04
IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395.
CVE-2020-4525
PUBLISHED: 2020-08-04
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1...
CVE-2020-4542
PUBLISHED: 2020-08-04
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 1...