Adobe Reader 'carries the snake home to bite the chickens'

A British security researcher has discovered several ways to use Adobe Reader features to open a backdoor and attack PC systems.

The exploit code and specially crafted PDF files were published by expert David Kierznowski to demonstrate how Adobe Reader can be exploited to attack PC systems without any user interaction.

'I don't think this is a security bug in Adobe's PDF application. This is just a way of enforcing the legitimate features of the application to do the non-thinking work of the person who designed it,' Kierznowski asserts.

According to Kierznowski's method, a malicious link is added to the PDF file. When the file is opened, the system browser starts automatically and connects to that link. 'So I can launch any malicious code I want,' Kierznowski said.
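For defenders, the behaviour described above (a link that fires when the document opens) can be triaged before a file reaches a reader. The following is an added example, not code from Kierznowski or Adobe; the PDF key names it checks and the sample byte strings are assumptions chosen for illustration and do not come from the article.

```python
import re

# Assumed mapping from the article's behaviours to PDF dictionary keys;
# the article itself names none of these.
AUTO_TRIGGERS = {"/OpenAction", "/AA"}  # run an action when the file or a page opens
RISKY_ACTIONS = {"/URI", "/Launch", "/JavaScript", "/JS", "/SubmitForm"}

# A PDF name is "/" followed by characters up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/[^\s\x00/\[\]<>(){}%]+")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed fragments (not complete PDFs) used only to exercise the scanner.
SAMPLE_SUSPICIOUS = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
    b"/Open#41ction << /S /URI /URI (http://example.invalid/landing) >> >>\nendobj\n"
)
SAMPLE_BENIGN = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Subtype /Link /A << /S /URI /URI (http://example.invalid/) >> >>\nendobj\n"
)


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so /Open#41ction compares equal to /OpenAction."""
    decoded = HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count trigger and action names; flag files that pair the two."""
    # Byte-level scan only: names inside compressed streams are not seen.
    counts = {}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group())
        if name in AUTO_TRIGGERS or name in RISKY_ACTIONS:
            counts[name] = counts.get(name, 0) + 1
    has_trigger = any(n in counts for n in AUTO_TRIGGERS)
    has_action = any(n in counts for n in RISKY_ACTIONS)
    return {"names": counts, "auto_action": has_trigger and has_action}


if __name__ == "__main__":
    for label, blob in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, triage_pdf(blob))
```

An ordinary clickable link contains a URI action but no open-time trigger, so only the first sample is flagged for review.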

Using web-based exploit code to launch a "drive-by malware download" attack is a common technique. In these attacks, malicious code runs on and infects the victim's system while downloading further malicious code.

In addition, the discovery of the 'back door' in the Adobe Reader application demonstrates that desktop applications are becoming an attractive target for cyber criminals.

The second method of using Adobe Reader to open a backdoor on a compromised system relies on Adobe Systems' ADBC (Adobe Database Connectivity) and Web Services support. This method can be used to attack fully patched Adobe Professional systems.

'The second attack method allows an attacker to access Windows ODBC, list existing databases and send that information through Web Services. This form of attack can be further developed to execute real database control commands. You can imagine that, by successfully exploiting this, a malicious attacker can completely control your internal database through a web browser.'

Kierznowski claims that there are more than 7 points in PDF files that hackers could exploit to trigger malicious code. 'With just a little more creativity, an attacker can incorporate simple and complex attacks. The reason may be that Adobe Acrobat supports both the use of HTML forms and access to the file system.'

'One of my most interesting discoveries is that I can use Adobe Acrobat to open the following ports by activating a JavaScript file with the function of opening the tailgate in the folder on the hacked system,' Kierznowski said.

Adobe's spokesman said the company is currently investigating the issue Kierznowski has just discovered.

Hoang Dung

Update 13 December 2018