dserban
Sep 21 2007, 10:19 PM
| | The British security researcher who has disclosed two critical flaws in popular media files in the past week said yesterday that a zero-day vulnerability in Adobe Inc.'s pervasive PDF files could be exploited to snatch control of Windows XP systems.
Petko Petkov, a penetration tester who recently disclosed a zero-day flaw in Apple Inc.'s QuickTime a week ago and a similarly critical bug in Microsoft Corp.'s Windows Media Player, now says that Adobe System Inc.'s Acrobat Reader files harbor a serious vulnerability.
The PDF zero-day beats the media file flaws hands down, said Petkov. "Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box," he said on his blog today. "Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page, which embeds one."
http://www.computerworld.com/action/articl...ticleId=9038099 |
Comment/Reply (w/o sign-up)
Quatrux
Sep 22 2007, 06:41 AM
Interesting, this can be serious, but unfortunately I get a 503 on the link you provided, maybe he got much visits lately and his server went down  Oh it seems to work and his blog seems to work too now.
Comment/Reply (w/o sign-up)
FirefoxRocks
Sep 22 2007, 04:51 PM
So is it affecting only Adobe Reader users or does ALL PDF files opened on Windows XP Service Pack 2 have this security risk? I actually don't see the use of PDF over plain old HTML files. If you prefer use Microsoft Word, then use DOC/DOCX, why PDF anyways?
Comment/Reply (w/o sign-up)
HellFire121
Sep 23 2007, 05:08 AM
The way i see it is that it provides a published uneditable version of something, useful for documentations and whatnot. I usually don't read PDF's anyway, only the occasional stuff but otherwise all the info i need is on forums there's no need for me to download them. If i need a copy of what i'm reading i'll just copy/paste into notepad or something, easy and done. -HellFire
Comment/Reply (w/o sign-up)
Sten
Sep 23 2007, 05:22 AM
is it like adobes actual fault or just a plain thing with PDF's? ive always liked PDF's for everything, if im reading something big on the internet i always look for a PDF first. although since ive been using them like ever since i got my first computer, i dont think ill stop using them, they havent done anything before, i dont think, lol!
Comment/Reply (w/o sign-up)
develCuy
Oct 2 2007, 01:49 AM
QUOTE(Sten @ Sep 23 2007, 12:22 AM)  is it like adobes actual fault or just a plain thing with PDF's?
ive always liked PDF's for everything, if im reading something big on the internet i always look for a PDF first.
although since ive been using them like ever since i got my first computer, i dont think ill stop using them, they havent done anything before, i dont think, lol! I agree 100%, PDF's are a great source of information, because the nature of "Document", this means invaluable quality. The only drawback is the weight of files, there must be some way to interactively print a sort of any HTML pages to a single PDF... Blessings!
Comment/Reply (w/o sign-up)
yordan
Oct 2 2007, 10:52 AM
QUOTE(HellFire121 @ Sep 23 2007, 07:08 AM) I usually don't read PDF's anyway My scanner, as a lot of others, has a "pdf" button. When somebody asks me a copy of a document, my last phone bill or a business card, I put the paper on my scanner, it creates a pdf file, and I simply send the pdf file by mail. If this trick is interesting for a lot of people (like a nice postcard), I put it on my website. So, each guy who wants to see the postcard opens a pdf file. I'm not very sure that today we can survive without reading pdf files. I feel it like not being connected to the Internet because it's dangerous. Of course, it's dangerous, but can we continue leaving in our world without it ?
Comment/Reply (w/o sign-up)
FirefoxRocks
Oct 2 2007, 08:43 PM
Erm, for images and stuff, JPEG/PNG/GIF/SVG and even BMP for Windows users is fine (although BMP may be a bit bloated). For text/images, plain old (X)HTML is great. For those office application users, DOC/DOCX/ODT is great for storing these kinds of documents. I honestly don't know what is so great about PDF, they are slow to load in Adobe Reader, and even slower if loaded in Firefox/Internet Explorer.
Comment/Reply (w/o sign-up)
Quatrux
Oct 3 2007, 06:05 AM
PDF is really great, even though I agree that they are slow, but with current versions they load faster and scroll faster, if you just need a simple document, just use a document file, but PDF can do much more, in fact I usually publish PDF's if I can, do all my works with PDF's in the University, it is a portable document, you can read it on any OS, but of course a lot of things changed, it is as easy to read .doc files on Linux as on Windows, but like if you create files with OO, usually a lo of people don't have OO on Windows, just Word, the same is with most schools, colleges, universities, academies, libraries and offices etc. but most of them are able to read a PDF document.. Most of comics can be created as PDF's, Newspapers, Manuals, Books and etc.
Comment/Reply (w/o sign-up)
.:Brian:.
Oct 3 2007, 11:28 PM
hmmm...that is interesting...I wonder how quickly a fix for this will be out (or is there one already?) If I had to guess adobe is already aware of the issue and is fixing it as soon as they can. Is it only for windows xp though? In that case is it microsoft's issue and not adobe's? (Sorry, I had trouble loading the original source because of the ads and it not letting me to the actual website)
Comment/Reply (w/o sign-up)
overkiller
Feb 17 2008, 02:57 PM
thats very interesting! Everything seems to have a draw back nowadays  I think i'd better be more carful!
Comment/Reply (w/o sign-up)
ethergeek
Feb 15 2008, 03:19 PM
I don't want to by any means start a windows bashing fest...but seriously, what *doesn't* put Windows XP at risk? It's getting to the point where my Secunia RSS feeds for XP are bigger in the morning than my 30 other feeds (including consumerist, engadget, slashdot and digg) COMBINED. I'm with xboxrulz on this one...Mac user and effin LOVING IT.
Comment/Reply (w/o sign-up)
Quatrux
Feb 15 2008, 10:32 AM
I knew about Foxit reader, it really is great and much faster than Adobe Reader, but I tried SumatraPDF and it is even faster than you use the actual size of the PDF, even though it has almost all features off, for reading it is just great, thanks for sharing  By the way, I recommend to turn off the plugin in browsers, when you click on a pdf file with your mouse in a link and pdf opens in your browser tab, I really hate that, I prefer that it would open in a normal window of Adobe or any other PDF viewer, it's much faster and doesn't lag the browser and besides it can be easily changed in most browsers preferences. 
Comment/Reply (w/o sign-up)
dserban
Feb 15 2008, 09:09 AM
QUOTE(vmkrightpoint @ Feb 15 2008, 09:01 AM) i don't really like PDFs >_< i hatrwhen i click on an tutorial it sometimes come open with PDF >_< i hate it alot it lags up alot There are a couple of things you might be able to do about slow performance when opening / browsing PDF files. 1. If you want lightning fast performance when opening PDFs, use the Sumatra PDF Viewer (http://blog.kowalczyk.info/software/sumatrapdf/). 2. If you want good browsing performance after the PDF has been opened, then use FoxIT Reader (http://www.foxitsoftware.com/pdf/rd_intro.php). Adobe Acrobat Reader is like a stocky frat guy you never want to invite to your Halloween parties, because he'll show up wearing a giant gift-wrapped box with a "To: Women, From: God" label on top. He thinks he is all that, but he really just wore a costume so big he can't get through the front door and has to stay outside by the fire all night. Acrobat Reader does one thing poorly - read PDFs. To do this it needs to download updates at least twice a month. Acrobat's other big feature is the ability to bring your system to a roaring halt while it boots up its massive amount of plugins and libraries. All this to display just one page.
Comment/Reply (w/o sign-up)
vmkrightpoint
Feb 15 2008, 08:01 AM
i don't really like PDFs >_< i hatrwhen i click on an tutorial it sometimes come open with PDF >_< i hate it alot it lags up alot
Comment/Reply (w/o sign-up)
Similar Topics
Keywords : difficult, pdfs, put, windows, xp, risk, researcher
- Windows XP Exploit - Please Help.
(8)
MS Windows CSRSS Vulnerability
(4) There's a vulnerability in MS Windows that may cause serious problems related with the module
csrss.exe . Here below is listed vulnerable systems: QUOTE Microsoft Windows XP Tablet PC
Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP
Professional Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition
SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP2 Microsoft Wind....
Windows Has Slowed To A Crawl
surely sp2 is not the cause (4) I am trying to figure what is wrong with this one copy of Windows that has slowed to crawl since I
installed sp2. I certainly hope that sp2 is not the cause so I am searching for malicious software
undetected by spybotS&D, avast, and AdAware. My troubles with ZoneAlarm has left my computer
unprotected by any firewall at times and then the efforts to fix my DSL connections had me
connecting directly to the modem rather than through the router as I usually do. So it is possible
that something has gotten through. I am particularly suspicious of the services I cannot s....
My Windows Isn't Genuine?
(16) Ugggg, I just found out (from my computer!) that my Operating System (XP Pro) isn't
genuine /mad.gif" style="vertical-align:middle" emoid=":angry:" border="0" alt="mad.gif" /> I
got a great deal on a used computer from a Swap Meet a few months ago. Will Microsoft accept a
letter or something, along with a little toy cash register receipt and give me a license key, or
will I have to buy a new copy? Dang, I should have known better, from now on, I'm building my
own systems (I've been studying!) ....
Keep Your Windows XP Protected
A discussion. (9) Dear Members As you all may be aware of the spywares, trojan horses,viruses which are troubling us.
I have found out a descent way of protecting owr PC's from these harmful stufs. I run a cyber
cafe and use windows xp home version. I am describing my way of protecting pc's:- 1. Frist of
all I have downloaded the windows XP service pack 2. 2. Then I have downloaded Avg Free. 3. Lastly
I have downloaded Windows Defender. 4. What I do is that, I have created two accounts in my
computer. One Admin which have Administrator rights another guest account. I use the ....
Windows XP Logon Script
(12) Microsoft Windows XP logon script has (had) a fatal bug in it- When you see the new
(funky) Windows XP Logon screen, it shows all the available users. 1. Press Ctrl+Alt+Del twice so
that the formal (earlier Windows) logon dialog box pops up. 2. Then, select Administrator as the
username and enter Any password greater than 32 chracters in the password field. 3. Windows will
give you a buffer overflow error. Click OK or Cancel and you're looged-in as administrator!!!
Well, this exploit was corrected my Microsoft in SP1 and SP2. Three cheers! -Omkar....
Worm Alert - W32.zotob.a
new worm to hit Windows PCs (8) A new worm has been detected by multiple antivirus and security specialists. It's called ZOTOB
and is exploiting security holes that have been earlier highlighted in Microsoft Security Bulletin
MS05-039 . The worm affects Win2000 systems and newer. Win 98, ME etc. are not currently thought to
be at risk although, one must always keep the holes plugged. Details regarding what it does exactly
and removal instructions can be found at Symantec's site and also at Microsoft's ZOTOB
Advisory page The hole allowing Zotob to infect and spread can be fixed by i....
Cracked Windows "genuine Advantage"
(news only) (1) When I was shocked when I saw this QUOTE MICROSOFT'S bid to refuse access to updated
versions of Windows has been foiled by hackers. The Vole had demanded that those who wanted Windows
updates, other than security improvements, had to download an Active X program that sniffed their
operating system to see if their OS had been pirated. It took about 24 hours for hackers to come up
with a solution involving IE script, the hackers claim. source:
http://www.theinquirer.net/?article=24961 If I am not wrong, Microsoft spent more than one year to
build up this....
Windows Sercurity Centre Is Spyware?
(8) Unbelieveable but true - ever since I've reinstalled windows, I've been getting this message
from windows security centre in a dialogue box that my computer is not properly protected and blah,
blah.... and it asks me whether i want to learn how to protect my computer (as if i don't know)
if i click yes, it opens firefox and takes me to this site which obviously is not a microsoft
site. also, many times i get a baloon with a similar message. when i click it, norton says that a
"trojan horse" was detected and deleted. so is this how microsoft protects my comp....
Aim Virus Messing Around With My C:\windows Folder
(10) Okay, so I was talking to my friend on IM yesterday and then she sends me a message saying OMFG LOOK
AT HER or something like that and then a link. I stupidly opened it and then two seconds later she
IMs me telling me not to cause it seems to be a virus. Usually I don't accept those kind of
things but it was from her so I let my guard down. Apparently she had got it from another one of her
friends. It's a .pif virus I know that much but it doesn't do much, I can still open AIM
and my task manager with no weird things but when I reboot my computer, my C:\WIN....
Windows Xp: Simple Way Of Obtaining Admin Access
(8) I doubt this can even qualify as an exploit, but here is a way to obtain admin access for windows xp
in less than 5 minutes. 1. Restart the computer in safe mode 2. When the computer boots up you will
be at the user's screen. All users will be displayed here, and one extra should appear at the
top of the screen 'Admin'. 3. Use the Admin user, it doesnt require a password. Here you
can do anything you can normally do as admin, change user restrictions, create users...the works.
Almost everyone here probably know this, but for those who dont...have fun. ....
Microsoft Windows "mshta" Code Execution Exploit
(0) From SecurityFocus http://www.securityfocus.net/archive/1/395...10/2005-04-16/0 There is a _New_
exploit which affects the MSHTA (Microsoft HTML Application Host), using a simple program it's
possible to create file from a *.hta with a _strange_ extenstion(*.foo *.ghgh *.asd) and this file
will be executed by the MSHTA so if u put some malicious Vbs or JS in the *.hta the risk is very
high.... http://www.frsirt.com/exploits/20050414.ms05016.php this is the source of the program
to create the malicious files I've tested it on Xp Sp1 and Xp SP2 and both sy....
Looking for difficult, pdfs, put, windows, xp, risk, researcher
|
See Also,
*SIMILAR VIDEOS*
Searching Video's for difficult, pdfs, put, windows, xp, risk, researcher
|
advertisement
|
|
