Rectification Measures by Adobe PDF Software to Avoid Vulnerability
Computer security researchers have discovered a vulnerability in Adobe system Inc’s ubiquitous Acrobat Reader software that allows cyber intruders to attack PCs through rusted Web links. The flaw appears to target Microsoft Corp’s Internet Explorer 6.0 Web browser and earlier versions and Mozilla’s Firefox browser.
Virtually any Web site hosting Portable Document Format (PDF) files are vulnerable to attack, according to researchers from Symantec Corp and VeriSign Inc’s iDefense Intelligence.
The attacks could range from stealing cookies that track a user’s web browsing history to the creation of harmful worms, they said. The flaw exists in a plug-in that enables Acrobat users to view PDF files within Web browsers. By manipulating the Web links to those documents, hackers and online thieves are able to commandeer the Acrobat software and run malicious code when users attempt to open the files, according to Ken Dunham, director of the rapid response team at iDefense Intelligence.
Dunham gave his hypothetical scenario: An attacker finds a PDF file on a banking Web site. The attacker creates a hostile Web site that links to the bank’s PDF file. Included is malicious JavaScript code that will run on the unsuspecting user’s computer once the link is clicked. “PDF is trusted, tried and true – everyone uses it,” Dunham said. “But instead of just viewing the file, you’ve initiated script that shouldn’t be executed. All you have to do is click on the PDF and the ball starts rolling.”
In response to this finding, Adobe Systems has announced that it will issue patches next week for older versions of its Reader and Acrobat Reader software to update to the latest versions of Adobe Reader and Acrobat to avoid being affected by this cross-site scripting flaw in its software that allows attackers to run malicious JavaScript on a user’s PC.
Adobe System is seriously looking into this issue. Since the problem affects versions 7.0.8 and earlier of the Acrobat and Reader programs, Adobe is urging users of those versions to disable the Acrobat and Reader plug-in in their Web browser until the patches are issued. Adobe has also been encouraging customers to upgrade to Reader 8 , the latest version of its program, which is not affected by the vulnerability.
Adobe is also warning users to exercise caution when clicking on untrusted links, since those links could be manipulated to run an exploit. Security vendor Websense Inc. wrote on Thursday that an attacker could also gain access to files on a machine.
Exploits will apparently only work with certain combinations of Web browsers and Adobe software, but Adobe did not specify which combinations.
Share and contribute or get technical support and help at My Digital Life Forums.
Related Articles
- HangTime Measures Your Hang Time
- YouTube Remixer - Adobe Online Video Editing Software and Youtube Mobile
- How to Avoid, Bypass or Escape Google Sandbox
- Avoid Santa Claus Worm While Celebrating Christmas
- Avoid, Disable or Fix IE Click or Press Spacebar or Enter to Activate and Use This Control Message
- Adobe Launched Adobe Integrated Runtime Version 1.0
- Adobe Labs Released Adobe AIR 1.0 Beta 3
- Acunetix Web Vulnerability Scanner Reviews
- Acunetix Web Vulnerability Scanner Review by IT-Observer
- Cornell University Researchers Demonstrated GPS Vulnerability with Spoofing Activities
Entries (RSS)
September 13th, 2008 18:04
Process to convert Adobe Digital Editions e-book to normal PDF so that it can be opened with Adobe Acrobat Reader on all the machines.
Software / Items that you need.
1. A good screen capturing (Print Screen) tool. I prefer “Gadwin PrintScreen” as it is free and easy to setup. It can be downloaded from the web site: http://www.gadwin.com/download/
2. Adobe Digital Edition E-book (of course that is the e-book that you need to convert.
3. Any software that can integrate multiple images (JPEG) to single PDF. You can use various PDF printers available on web or PDF converters (Search google using JPEG to PDF and you can find many results). But I prefer Adobe Acrobat Professional, as it is quite easy to use.
Why to convert Adobe Digital E-book to Normal PDF
1. First of all you have paid for the book, so it your right to open the book on any PC you want. Once the book is converted, you can save it pen drive, CD, DVD or send yourself on email and open anywhere in the world.
2. You can take printouts of the page(s) that you need for reference.
3. If you wish you can share it with your friends and other people.
4. If the book is not worth for what you have paid for it, you can share it with other people.
Process
1. Install the free Gadwin PrintScreen. The installation is pretty straightforward and it would be setup in couple of minutes.
2. Next setup the options in Gadwin PrintScreen as follows:
3. In Preferences, Under the Section Capture Settings, use the following settings:
4. Hotkey – Printscreen (or any other key that you prefer)
5. Check “Show notification messages”
6. Check “Preview the Captured image”
7. In the “Source” Settings, Choose “Rectangular Area” and Uncheck “Capture Mouse Cursor”
8. In the “Destination” settings, Check “Automatic Naming”. In the File name, mention “0” and specify any directory where you want to keep images. I choose “C:\Book”. Please note that you have to create a new folder in C:\ drive by name book.
9. In the “Image” settings, choose type of Image “JPEG” and set “JPEG Quality” to 100%.
10. Now capture one by one all the images of the book including any blank pages. This will help you in tracking how much images have been captured.
11. Once all the images are captured as JPEG, open “Adobe Acrobat Professional”
12. In the file menu, choose “Create PDF” and then choose “From Multiple Files…”
13. Click on “Browse” under the section “Add Files” and browse to the directory where images were captured (e.g. C:\Book)
14. Select all the images and make sure that the numbering is correct for the images i.e. 001, 002, 003, ……………..
15. Click on OK
16. You are done. PDF file has been created.