New vulnerabilities in Adobe Reader (April 28, 2013)

Posted: April 29, 2013 in Vulnerability News
Tags: , , ,

McAfee logo

Vulnerabilities in Adobe Reader

New vulnerabilities in Adobe Reader

The anti-virus company McAfee reported about detection of new vulnerability in Adobe Systems Reader software, which manifests itself in the moment when the user already opened and looks through the PDF-file by means of this program. The company said that the vulnerability is not critical and does not allow for remote code execution. At the same time, the anti-virus company reports that has notified Adobe about the problem.

Haifei Li, anti-virus analyst of McAfee, said that they discovered the unusual behavior of the system when they were working with files in PDF. According to him, the company has transferred to Adobe detailed information about the vulnerability, and before the release of the corresponding patch it will not disclose technical information about the bug.

In the blog McAfee the general description of a problem is given only. According to the description, when someone clicks on the link in the PDF-document, which leads to another part of the document, there is a call JavaScript API and criminals who want to mislead the reader can translate it to a malicious web site, disguised in a hyperlink URL- address. In addition, McAfee reported the detection of a lack of security in the system return of TCP-traffic in Adobe Reader. “Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, Internet service provider or even the victim’s computing routine,” – said Li.

In addition to it, users, can manipulate some parameters supervising links to collect unauthorized data on the target computer. McAfee notes that the last even in principle isn’t bug of Reader, and only reflects JavaScript essence, however considering large powers of Reader in system, the developer needed to limit the range of work of Javascript API in a case with Reader. Also anti-virus company notices that the revealed bugs don’t allow to compromise completely the computer, but they allow to collect crucial data which can be used during the subsequent attacks.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s