The original version of this page can be found at : http://www.canadianwellsite.com/oiltalk/default.aspx?f=11&m=3356
Posted By : Forum Administrator - 1/8/2010 9:00 AM
Non-fans of the PDF file format now have one more reason to harbor negative feelings towards it. Hackers have found another way to exploit a vulnerability on a rather large scale, and it's supposed to be five more days before Adobe puts a fix in place.

Jessa De La Torre, a threat response engineer at Trend Micro, explained the latest danger in a blog post, writing, "The sample (detected by Trend Micro as TROJ_PIDIEF.WIA) uses the heap spray technique to execute shellcode in its stream. As a result, a malicious file detected as BKDR_POISON.UC is dropped into the system."

De La Torre then continued, "When executed, BKDR_POISON.UC opens an instance of Internet Explorer and connects to a remote site, cecon.{BLOCKED}-show.org. Once connected, a malicious user may execute any command on the affected system."

And Adobe's announced that it won't provide a patch until Tuesday, January 12th.

Of course, standard be-careful-what-you-click-on practices will go a long way toward keeping people safe from this threat.

Individuals can do something else to protect themselves while Adobe readies its solution, too: users of Adobe Reader or Acrobat have the option of either utilizing the javascript Blacklist Framework, or manually disabling javascript if that seems easier.

Also, one other positive, semi-related story is that Adobe's working on a new update utility designed to automatically apply patches.

Maybe PDF's critics will find a little less to get upset about in the future, then.

www.SecurityProNews.com