Updated 11 Feb, 2012, 4:06 pm IST

Flaw Found in Adobe's Acrobat PDF Format

04 Jan, 2007, 12:14 pm IST | AP |

Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted Web links.

Virtually any Web site hosting Portable Document Format, or PDF, files are vulnerable to attack, according to researchers from Symantec Corp. and VeriSign Inc.'s iDefense Intelligence.

The attacks could range from stealing cookies that track a user's Web browsing history to the creation of harmful worms, the researchers said.

The flaw, first revealed at a hacker conference in Germany over the holidays, exists in a plug-in that enables Acrobat users to view PDF files within Web browsers.

By manipulating the Web links to those documents, hackers and online thieves are able to commandeer the Acrobat software and run malicious code when users attempt to open the files, according to Ken Dunham, director of the rapid response team at VeriSign's iDefense Intelligence.

Dunham gave this hypothetical scenario: an attacker finds a PDF file on a banking Web site. The attacker creates a hostile Web site that links to the bank's PDF file. Included is malicious JavaScript code that will run on the unsuspecting user's computer once the link is clicked.

''PDF is trusted and tried and true — everyone uses it,'' Dunham said. ''But instead of just viewing the file, you've initiated script that shouldn't be executed. All you have to do is click on the PDF and the ball starts rolling.''

Representatives from Adobe did not return a call from The Associated Press on Wednesday night.

The flaw appears to target Microsoft Corp.'s Internet Explorer 6.0 Web browser and earlier versions, and Mozilla's Firefox browser, the researchers said.

They recommended that users protect themselves by upgrading Internet Explorer or changing Firefox's user options so the browser does not use the Acrobat plug-in.

Researchers said it's unclear how pervasive or harmful any future attacks might be.

''Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved,'' a Symantec researcher said in a posting on a company Web log.

Tags: Adobe , Acrobat , PDF , VeriSign

Adobe has gone ahead and made one final, major update for Android devices.The latest version of Flash Player 11.1 (11.1.112.60) adds support for the next

Galaxy Nexus bug fix and Flash support coming this month

No Adobe Flash support for Android 4.0, yet

Adobe for Android gets an update

Adobe to get aggressive with HTML5, kill Flash for mobiles

Adobe plans to lay off 750 employees

Adobe launches Reader for iOS

Mugen Power Galaxy Note Battery Pack

30 Jan, 2012, 12:52 PM

3.1

Samsung Galaxy Tab 620

25 Jan, 2012, 01:29 PM

3.1

LG Optimus Black P970

24 Jan, 2012, 06:11 PM

3.9

MORE PHOTOS

Leaked Images, Availability, Pricing,
Specs, Pre-order

Aakash Tablet

Max Payne 3

Nokia Lumia Series

Apple vs Samsung

Ivor Soans

Why I love and hate my BlackBerry

How time flies. A few weeks ago the BlackBerry world was mad at RIM for a massive 3-day outage. Now,...

Are Indian product launches really about the product?

Padmini Harchandrai

MORE OPINIONS

Logitech ZAAG iPad2 Keyboard Case

11 Feb, 2012, 03:59 PM IST

Apple device accessories are, if anything, numerous and that’s an understatement. But that is one the more ...

Koss KDE250 Review

Vu 40K21 Review

MSI WindPad Enjoy 10 Review

Panasonic Lumix DMC-TZ18 Review

Mercury mTab Neo Review

MORE REVIEWS

G'Five G5 Projector Dual SIM (GSM + GSM) Mobile Phone

25 Jan, 2011, 04:26 PM IST

8.0

A decent product for the price.

iBall Slide Android Tablet Review

Samsung Galaxy Fit S5670 - Falls Just a Little Short of 'Fit'

Samsung I9100 Galaxy S II - The Best Android Yet!

AV Player HD

Sony Ericsson Xperia Neo V Review

MORE REVIEWS

iBall Slide Android Tablet Review

20 Sep, 2011, 12:56 PM IST

6.0

With the budget tablet segment taking off another new entrant is the Slide from iBall. iBall has been quite popular in the PC peripherals business for a long

Sony Ericsson Xperia Neo V Review

Batman: Arkham City (PC) - Worst port ever!

Nokia Lumia 800 Review

Samsung I9100 Galaxy S II - The Best Android Yet!

Micromax A75 Superfone Lite Review

MORE REVIEWS

Camera update for the Nokia Lumia 800 coming soon

11 Feb, 2012, 04:06 PM IST

The Nokia Lumia 800 is a great device and it fares well in reviews the world over. Nokia spent the better part of November in launching campaign after campaign

Stylish Galaxy S III concept makes us wish it was true

More Call of Duty incoming

Google expands Chromium Security Rewards Program

Windows 8 Consumer Preview arriving on Feb 29

Government to directly check BBM and other IM services

MORE NEWS

PSN Down a Day after Hackers Promise Revenge on Sony