Rectification Measures by Adobe PDF Software to Avoid Vulnerability
Computer security researchers have discovered a vulnerability in Adobe Systems Inc’s ubiquitous Acrobat Reader software that allows cyber intruders to attack PCs through trusted Web links. The flaw appears to target Microsoft Corp’s Internet Explorer 6.0 Web browser and earlier versions and Mozilla’s Firefox browser.
Virtually any Web site hosting Portable Document Format (PDF) files is vulnerable to attack, according to researchers from Symantec Corp and VeriSign Inc’s iDefense Intelligence.
The attacks could range from stealing cookies that track a user’s web browsing history to the creation of harmful worms, they said. The flaw exists in a plug-in that enables Acrobat users to view PDF files within Web browsers. By manipulating the Web links to those documents, hackers and online thieves are able to commandeer the Acrobat software and run malicious code when users attempt to open the files, according to Ken Dunham, director of the rapid response team at iDefense Intelligence.
Dunham gave his hypothetical scenario: An attacker finds a PDF file on a banking Web site. The attacker creates a hostile Web site that links to the bank’s PDF file. Included is malicious JavaScript code that will run on the unsuspecting user’s computer once the link is clicked. “PDF is trusted, tried and true – everyone uses it,” Dunham said. “But instead of just viewing the file, you’ve initiated script that shouldn’t be executed. All you have to do is click on the PDF and the ball starts rolling.”
In response to this finding, Adobe Systems has announced that it will issue patches next week for older versions of its Reader and Acrobat Reader software. It advises updating to the latest versions of Adobe Reader and Acrobat to avoid being affected by this cross-site scripting flaw, which allows attackers to run malicious JavaScript on a user’s PC.
Adobe Systems is seriously looking into this issue. Since the problem affects versions 7.0.8 and earlier of the Acrobat and Reader programs, Adobe is urging users of those versions to disable the Acrobat and Reader plug-in in their Web browser until the patches are issued. Adobe has also been encouraging customers to upgrade to Reader 8, the latest version of its program, which is not affected by the vulnerability.
Adobe is also warning users to exercise caution when clicking on untrusted links, since those links could be manipulated to run an exploit. Security vendor Websense Inc. wrote on Thursday that an attacker could also gain access to files on a machine.
Exploits will apparently only work with certain combinations of Web browsers and Adobe software, but Adobe did not specify which combinations.


















