A New Security Flaw Discovered by Petko Petkov, This Time in PDF
Published by: Sierra, in News
September 24th, 2007
A suspicious warning came from a security expert, Petko Petkov, regarding a security flaw in the Adobe PDF format. This follows his previous bug discoveries, which you have probably already read about, in the Second Life client, the Firebug JavaScript debugger, Windows Media Player and Firefox's QuickTime plug-in.
Petko Petkov recommends avoiding PDF files, especially those sent by unknown users, until a patch is released.
I will cite the words used in his blog: "Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one."
According to him, the exploit affects Windows 2003 and Windows XP SP2, while Vista and Linux can’t be affected.
The vulnerable Acrobat Reader versions are 7, 8.0 and 8.1. Other programs such as Foxit Reader can also be affected, though less, because they show a confirmation dialog which has to be accepted before the exploit can start running malicious code on the machine.
We don’t know for sure how accurate this information is, but Petkov wrote that he informed Adobe about the flaw and that he will publish the code which demonstrates how the attack works, after a patch is provided.
According to him, Adobe has confirmed the problem. "You have to take my word for it," he said.







