mamedesign
Reputable
PDF files can be used for spreading malware for cleaning PDF files stored on the target computer running Acrobat reader or Foxit reader PDF software. The concept for proof of concept for an attack for malicious coding is injected into a file on computer as a part of incremental update, which can be used for injection of malicious coding into any or all PDF files on the system.
The attack needs the user of computer for allowing the code for being executed by making agreement to it through dialog box. The attacker could control the content of dialog box, which appears for prompting the user for launching the executable and using social engineering for enticement of computer user for agreeing for execution of malware. Turning off the JavaScript would not prevent the attack. It does not need that the attacker exploits susceptibility in PDF reader.
PDS reader incremental update can be used as infection vector and the attack does not make exploitation in vulnerability. There are proofs of concept attack and details are given for the weakness in PDF readers, which was discovered by security researchers. A researcher David Stevens was able to launch and run an executable file within PDF by using a multi part script process. The researchers are investigating the ways for mitigation of risks from such attacks.
Foxit takes the security concerns more seriously and focus on the engineering resources for determining the main cause of the problem and getting a safe solution for the same. The security concern has made development team to work out a resolution, which was determined within a period lesser than 24 hours and updated version was made public in a short period of time.
The problem resulting from PDF reader software allowed .exe files to be opened or launched from within the program. Most of the users did not use the additional functionality. PDF software firms can provide a minimalistic version of PDF readers, which does not permit other kinds of programs for getting launched and allowed the users for making decision about the specific kinds of executables they want to provide within the program.
The attack needs the user of computer for allowing the code for being executed by making agreement to it through dialog box. The attacker could control the content of dialog box, which appears for prompting the user for launching the executable and using social engineering for enticement of computer user for agreeing for execution of malware. Turning off the JavaScript would not prevent the attack. It does not need that the attacker exploits susceptibility in PDF reader.
PDS reader incremental update can be used as infection vector and the attack does not make exploitation in vulnerability. There are proofs of concept attack and details are given for the weakness in PDF readers, which was discovered by security researchers. A researcher David Stevens was able to launch and run an executable file within PDF by using a multi part script process. The researchers are investigating the ways for mitigation of risks from such attacks.
Foxit takes the security concerns more seriously and focus on the engineering resources for determining the main cause of the problem and getting a safe solution for the same. The security concern has made development team to work out a resolution, which was determined within a period lesser than 24 hours and updated version was made public in a short period of time.
The problem resulting from PDF reader software allowed .exe files to be opened or launched from within the program. Most of the users did not use the additional functionality. PDF software firms can provide a minimalistic version of PDF readers, which does not permit other kinds of programs for getting launched and allowed the users for making decision about the specific kinds of executables they want to provide within the program.
