Jump to content
xisto Community
dserban

Difficult To Believe: Pdfs Put Windows Xp At Risk, Says Researcher

Recommended Posts

The British security researcher who has disclosed two critical flaws in popular media files in the past week said yesterday that a zero-day vulnerability in Adobe Inc.'s pervasive PDF files could be exploited to snatch control of Windows XP systems.
Petko Petkov, a penetration tester who recently disclosed a zero-day flaw in Apple Inc.'s QuickTime a week ago and a similarly critical bug in Microsoft Corp.'s Windows Media Player, now says that Adobe System Inc.'s Acrobat Reader files harbor a serious vulnerability.
The PDF zero-day beats the media file flaws hands down, said Petkov. "Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box," he said on his blog today. "Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page, which embeds one."

http://forums.xisto.com/no_longer_exists/

Edited by dserban (see edit history)

Share this post


Link to post
Share on other sites

Interesting, this can be serious, but unfortunately I get a 503 on the link you provided, maybe he got much visits lately and his server went down :blink:Oh it seems to work and his blog seems to work too now.

Edited by Quatrux (see edit history)

Share this post


Link to post
Share on other sites

So is it affecting only Adobe Reader users or does ALL PDF files opened on Windows XP Service Pack 2 have this security risk?I actually don't see the use of PDF over plain old HTML files. If you prefer use Microsoft Word, then use DOC/DOCX, why PDF anyways?

Share this post


Link to post
Share on other sites

The way i see it is that it provides a published uneditable version of something, useful for documentations and whatnot.I usually don't read PDF's anyway, only the occasional stuff but otherwise all the info i need is on forums there's no need for me to download them.If i need a copy of what i'm reading i'll just copy/paste into notepad or something, easy and done.-HellFire

Share this post


Link to post
Share on other sites

is it like adobes actual fault or just a plain thing with PDF's?ive always liked PDF's for everything, if im reading something big on the internet i always look for a PDF first.although since ive been using them like ever since i got my first computer, i dont think ill stop using them, they havent done anything before, i dont think, lol!

Share this post


Link to post
Share on other sites

is it like adobes actual fault or just a plain thing with PDF's?
ive always liked PDF's for everything, if im reading something big on the internet i always look for a PDF first.

although since ive been using them like ever since i got my first computer, i dont think ill stop using them, they havent done anything before, i dont think, lol!


I agree 100%, PDF's are a great source of information, because the nature of "Document", this means invaluable quality. The only drawback is the weight of files, there must be some way to interactively print a sort of any HTML pages to a single PDF...

Blessings!

Share this post


Link to post
Share on other sites

I usually don't read PDF's anyway

My scanner, as a lot of others, has a "pdf" button. When somebody asks me a copy of a document, my last phone bill or a business card, I put the paper on my scanner, it creates a pdf file, and I simply send the pdf file by mail.If this trick is interesting for a lot of people (like a nice postcard), I put it on my website. So, each guy who wants to see the postcard opens a pdf file.
I'm not very sure that today we can survive without reading pdf files. I feel it like not being connected to the Internet because it's dangerous. Of course, it's dangerous, but can we continue leaving in our world without it ?

Share this post


Link to post
Share on other sites

Erm, for images and stuff, JPEG/PNG/GIF/SVG and even BMP for Windows users is fine (although BMP may be a bit bloated).For text/images, plain old (X)HTML is great. For those office application users, DOC/DOCX/ODT is great for storing these kinds of documents.I honestly don't know what is so great about PDF, they are slow to load in Adobe Reader, and even slower if loaded in Firefox/Internet Explorer.

Share this post


Link to post
Share on other sites

PDF is really great, even though I agree that they are slow, but with current versions they load faster and scroll faster, if you just need a simple document, just use a document file, but PDF can do much more, in fact I usually publish PDF's if I can, do all my works with PDF's in the University, it is a portable document, you can read it on any OS, but of course a lot of things changed, it is as easy to read .doc files on Linux as on Windows, but like if you create files with OO, usually a lo of people don't have OO on Windows, just Word, the same is with most schools, colleges, universities, academies, libraries and offices etc. but most of them are able to read a PDF document.. Most of comics can be created as PDF's, Newspapers, Manuals, Books and etc.

Share this post


Link to post
Share on other sites

hmmm...that is interesting...I wonder how quickly a fix for this will be out (or is there one already?) If I had to guess adobe is already aware of the issue and is fixing it as soon as they can.Is it only for windows xp though? In that case is it microsoft's issue and not adobe's? (Sorry, I had trouble loading the original source because of the ads and it not letting me to the actual website)

Share this post


Link to post
Share on other sites

I'm running on MacOS X on my Mac, so I guess there goes another exploit that doesn't affect me ;) .
xboxrulz



haha nice....yep I guess you do have another exploit that doesn't affect you....lucky you, although with the increase in the number of people using apple computers, I am sure it is only a matter of time...

Share this post


Link to post
Share on other sites

haha nice....yep I guess you do have another exploit that doesn't affect you....lucky you, although with the increase in the number of people using apple computers, I am sure it is only a matter of time...

You do remember UNIX is statistically safer than Windows NT no matter how you look at it. It was designed with stability and security in mind over "ease-of-use". Does this mean that it's invulnerable, no, however, chances are a lot lower than Windows NT and installed userbase doesn't really count. Look at Linux, there's more Linux users than Mac users; you don't see too much critical exploits on Linux than Windows or any other operating systems.

xboxrulz

Share this post


Link to post
Share on other sites

That is true, however I think microsoft started to take more of an approach similar to that of what you see in linux with the user account control (granted that it comes up constantly and so many users I am sure will just ignore it and click on the allow), it does provide an added ability to know what is going on with your computer...so in that sense microsoft has started to put security in front of usability (and they got tons of criticism for it), however I don't know that it is entirely foolproof.As for linux, it seems to me that I remember seeing somewhere that there have been a number of critical problems with linux in some of the recent months....although I don't have a source for this (so i'll have to dig around a little for it).But yes, I do all in all believe that apple seems to do a better job with their products than microsoft (although recently it seems as if apple is doing better with the hardware side of things providing really good hardware). In fact I may just get an apple for my next laptop computer, because I love my iPod, and from what I have used for apple computers in recent years seem to be really good.I am still going to stand on the side though, that as more and more people start using mac's the likelyhood of there being exploits is going to go up (and that doesn't necessarily mean that the exploits lie in the operating system itself), it could easily be in a poorly coded application, as is the case with many exploits.This is really off topic (even more so than above so if you would like to split this into another topic that is ok), but do you like your macbook a lot? (would you recommend it to others?)

Share this post


Link to post
Share on other sites

A possibility, and yes Microsoft tends to copy UNIX right now as it's basically MacOS X on the visuals anyways. However, the UAC is quite annoying and causes compatibility issues with legacy applications. People say that Windows Vista (SP0) is really a bigger beta test while Windows Vista (SP1) is the true release of Windows Vista since there's a lot of performance improvements and security patches.

Linux has it's fair share, however, it's still fixed faster than on Windows or MacOS X.

As for the Macbook, I answered it here: http://forums.xisto.com/topic/94285-topic/?findpost=1064378481.

xboxrulz

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.