A recent vulnerability discovered in Adobe’s Acrobat Reader software could put internet users at risk. The problem relates to Adobe Acrobat files and Cross Site Scripting (XSS). The vulnerability allows the Adobe Reader browser plugin to execute JavaScript code on the client side.
The security problem was first disclosed at the Chaos Computer Club conference in Germany in a paper by Stefano Di Paola and Giorgio Fedon. The extended scope of the issue was publicized later by a hacker using the moniker “RSnake.”
“The vulnerability stems from the ‘Open Parameters’ feature in Adobe Reader, which allows for parameters to be sent to the program when opening a .pdf file. Like most things in life, this was a feature designed for benign usage, but unfortunately somebody has discovered that it can also be used for malicious purposes,” says Hon Lau, senior security response engineer, Symantec Security Response Team, in his blog.
According to Lau, this development is significant for a number of reasons. First, the ease with which this weakness can be exploited is breathtaking: use of this “feature” requires no exploitation of vulnerabilities on the server side. Second, any Web site that hosts a .pdf file can be used to conduct this attack. All the attacker has to do is find out who is hosting a .pdf file on their Web server and then piggyback on it to mount an attack.
What this means, in a nutshell, is that anybody hosting a .pdf file, including well-trusted brands and names on the Web, could have their trust abused and become unwilling partners in crime. Lastly, due to the power and flexibility of JavaScript, the attacker has a wide scope for inflicting damage.
This problem appears to be limited to the Firefox browser, which has a relatively large user base.
To mitigate the threat, users can upgrade to Adobe Reader 8, the latest version, released last month. Users who wish to avoid upgrading can mitigate attacks by implementing JavaScript filtering capabilities on corporate firewalls and intrusion detection systems, and by disabling Adobe Reader plugin capabilities in Web browsers.
Initially, security professionals thought that the problem was restricted, exposing only Web-related data or supporting phishing scams. Now it has been discovered that miscreants could exploit the problem to access all information on a victim’s hard disk drive, said Web security specialists at WhiteHat Security and SPI Dynamics.
When the issue was first discovered, experts warned of links with malicious JavaScript to PDF files hosted on Web sites. While risky, this actually limits the attacker’s access to a PC. It has now been discovered that those limits can be removed by directing a malicious link to a PDF file on a victim’s PC.
The security problem exists because the Web browser plug-in for Adobe Systems’ Acrobat Reader allows JavaScript code appended to links to PDF files to run once the link is clicked, said Jeremiah Grossman, chief technology officer at WhiteHat Security.
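
The JavaScript filtering mitigation and the appended-JavaScript behaviour described above can be checked for in the links a mail or Web gateway passes along. The following Python check is an added example, not code from Adobe, Symantec or WhiteHat; the function names, the subset of open parameters used as an allowlist and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumption: a subset of Adobe's documented PDF open parameters; extend as needed.
KNOWN_OPEN_PARAMS = {"page", "zoom", "view", "nameddest", "pagemode",
                     "search", "toolbar", "scrollbar", "navpanes"}


def fully_unquote(text, max_rounds=5):
    """Percent-decode repeatedly so double-encoded values are not missed."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def inspect_pdf_link(url):
    """Return a list of findings for one link; an empty list means no finding."""
    parts = urlsplit(url.strip())
    if not fully_unquote(parts.path).lower().endswith(".pdf"):
        return []                      # not a link to a PDF file
    findings = []
    if parts.scheme.lower() == "file" and parts.fragment:
        findings.append("fragment on a local file: PDF link")
    for pair in fully_unquote(parts.fragment).split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        # Drop ASCII whitespace and control characters before matching.
        compact = "".join(ch for ch in value.lower() if ch > " ")
        if "javascript:" in compact:
            findings.append(f"script URI in open parameter '{name}'")
        elif name.lower() not in KNOWN_OPEN_PARAMS:
            findings.append(f"unknown open parameter '{name}'")
    return findings


# Constructed sample links (example.com is a placeholder host).
SAMPLES = [
    "https://example.com/report.pdf#page=3&zoom=150",
    "https://example.com/report.pdf#note=javascript:void(0)",
    "https://example.com/report.PDF#note=%256Aavascript:void(0)",
    "file:///C:/docs/manual.pdf#note=javascript:void(0)",
    "https://example.com/index.html#top",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_pdf_link(link) or "ok")
```

The part of a link after `#` is not sent to the Web server in the HTTP request, so server access logs will not show it. The check has to run where the link itself is visible, such as in page or e-mail content passing through the filter.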