Home » Story links » Param's story links

Backdooring PDF Files

Link: http://michaeldaw.org/md-hacks/backdooring-pdf-files/
Points: 690 views User: Param Comments: 0 Comments Tag:

A British security researcher has figured out a way to manipulate legitimate features in Adobe PDF files to open back doors for computer attacks. David Kierznowski, a penetration testing expert specializing in Web application testing, has released proof-of-concept code and rigged PDF files to demonstrate how the Adobe Reader program could be used to launch attacks without any user action.

* The first back door (PDF), involves adding a malicious link to a PDF file. Once the document is opened, the target's browser is automatically launched and loads the embedded link.

* A second back door demo presents an attack scenario that uses Adobe Systems' ADBC (Adobe Database Connectivity) and Web Services support. Kierznowski said the back door can be used to exploit a fully patched version of Adobe Professional. "The second attack accesses the Windows ODBC (on localhost), enumerates available databases and then sends this information to 'localhost' via the Web service. This attack could be expanded to perform actual database queries. Imagine attackers accessing your internal databases via a user's Web browser," he said.

- More Details also on EWeek


Email: Email this Story to a Friend

Post new comment

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <h1> <quote> <img>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.