Adobe Acrobat Reader Security Vulnerability

Darwin:
Interesting, thanks for correcting me on that Lashiec.

Renegade:
Is this a flaw in the Adobe rendering engine or the PDF file format itself?

If I use (say) FoxIt to view PDFs am I vulnerable?
-Ralf Maximus (October 09, 2007, 11:34 AM)
--- End quote ---

It's kind of not possible for a file format to have a vulnerability. If you're working from a spec., then whatever language you implement it in will have different ways to handle things.

If you're using an unmanaged language like C and implementing something like a "title" field in a file header that in the spec. may only be up to 255 characters (or whatever), then it's up to you to make sure that you check the size, etc., and ensure that you don't allow a buffer overflow, etc. Perhaps you need to null-terminate it. Perhaps there's another mechanism for that, like delimiters. Those considerations mostly apply to reading, as if you're writing a file nothing really matters, and if you're a virus writer, it's the reader application that you want to exploit by injecting code (or whatever).

So if you are reading a file and encounter a title field in a file header that is 4,582 bytes long before you encounter a null termination, then you've got to discard everything after the 255th byte, or you need to do some kind of error checking, etc. etc. etc.

It is possible for there to be a flaw in the spec., but that's a different question entirely. Most exploits are for implementations.

The obvious example of a 'flawed spec.' is Windows 9x. It was designed as a stand-alone personal computer, and not a network computer. Once it became connected to untrusted networks, the problems became painfully apparent. That of course is all debatable, but should kind of point out the difference somewhat.
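
Added example, not part of Renegade's post: a C sketch of the reader-side check described above, for a hypothetical file format whose header holds a NUL-terminated title of at most 255 bytes. The names `read_title`, `TITLE_MAX` and `demo_oversized_title` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define TITLE_MAX 255  /* limit taken from the post; the format is hypothetical */

enum title_status { TITLE_OK = 0, TITLE_TRUNCATED = 1, TITLE_UNTERMINATED = -1 };

/* Copy a NUL-terminated title out of an untrusted file buffer.
 * Reads at most in_len bytes of input and writes at most TITLE_MAX + 1
 * bytes to out. *consumed is how far the parser must advance to reach
 * the next header field (0 when the field is rejected). */
enum title_status read_title(const unsigned char *in, size_t in_len,
                             char out[TITLE_MAX + 1], size_t *consumed)
{
    /* Look for the terminator only inside the bytes we really have. */
    const unsigned char *nul = memchr(in, '\0', in_len);
    if (nul == NULL) {
        out[0] = '\0';
        *consumed = 0;
        return TITLE_UNTERMINATED;      /* error path: no terminator, reject */
    }
    size_t field_len = (size_t)(nul - in);
    size_t copy_len = field_len > TITLE_MAX ? TITLE_MAX : field_len;
    memcpy(out, in, copy_len);          /* bounded by the spec, not by the file */
    out[copy_len] = '\0';
    *consumed = field_len + 1;          /* skip the whole field, excess included */
    return field_len > TITLE_MAX ? TITLE_TRUNCATED : TITLE_OK;
}

/* Constructed sample: 4,582 title bytes before the NUL, then the next field. */
size_t demo_oversized_title(void)
{
    static unsigned char file[4582 + 1 + 4];
    char title[TITLE_MAX + 1];
    size_t consumed = 0;
    memset(file, 'A', 4582);
    file[4582] = '\0';
    memcpy(file + 4583, "NEXT", 4);
    if (read_title(file, sizeof file, title, &consumed) != TITLE_TRUNCATED)
        return 0;
    if (strlen(title) != TITLE_MAX || memcmp(file + consumed, "NEXT", 4) != 0)
        return 0;
    return consumed;                    /* 4583: parser is aligned on "NEXT" */
}
```

The copy length comes from the spec limit and the input length, never from where the file happens to place its terminator, which is the check the post says is left to the implementer.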


Ralf Maximus:
Renegade: I take your point, and mostly agree.  However if a specification allows for (say) an executable to be launched with elevated security rights, is that a flaw in the specification?  Or just a poor decision by the designer?

My question was more along these lines -- is there something in the spec itself that warrants concern? 

I could probably figure it out myself by reading about the PDF internal layout, comparing Adobe & FoxIt implementations, and googling for security news... but it seemed more expedient to simply ask here.  Plus reading all that crap about PDF seems about as exciting as waiting for my solar flashlight to charge at night.

Renegade:
I don't believe that there is anything in the PDF spec. that warrants a concern, but I could be wrong. It would be unusual for there to be a problem there.

Another example of a security "hole" is the ZIP 2.0 encryption standard. It's considered "weak" because if you have one of the files from a ZIP archive in unencrypted form, you can decrypt the entire archive. Well... It is a problem, but it's not really all that serious if you're just using it for casual security. If you know that you have the only copy of all of the files, then the entire archive is secure. So while there is a kind of exploit for it, it really isn't a huge worry as the exploit is very very specific. It's not like a buffer overflow that can be exploited at will. 

As for watching your solar flashlight recharge at night... Please don't. :) (I got a kick out of that one! Thanks for the laugh.) But if you did find a real PDF exploit... Those things are worth money! ;) Well... to the bad guys anyways...

SKA:
Javacool (of SpywareBlaster fame) has a free tool to fix this:

http://www.javacoolsoftware.com/pdffix.html

Rgds
SKA
