Vietnamese expert warns of error in Adobe update version
Published: 07/07/2010 05:00
Leading technology websites around the world have recently reported a Vietnamese expert's discovery that the latest Adobe patch has failed to remedy an issue that could allow an attacker to run malicious code.
Adobe has verified this warning.
On June 29, Adobe released the version 9.3.3 update for its PDF software products, which was designed to plug several security problems, including one connected with the Launch dialogue box that could coax a user into opening an embedded executable file. Belgian security researcher Didier Stevens, who reported the issue to Adobe in March, confirmed in a blog post following the release of the patch that the problem was fixed.
However, according to Bach Khoa Internet Security Centre (Bkis) expert Le Manh Tung, the update has failed to fully remedy the issue, which the Vietnamese antivirus provider said is being used by viruses in attacks.
In a post on the Bkis security blog, Le Manh Tung argued that the fix could still be circumvented by adding quotation marks to the parameters of the executable file. If an attacker changes /F(cmd.exe) to /F("CMD.exe") in the exploit, the execution of the code is not blocked and a 'Launch file' dialogue box is displayed, he said.
In a blog post, Adobe acknowledged the problems outlined by Stevens and Bkis. However, it noted that the issue took advantage of functionality designed to be part of the PDF, rather than a flaw, and said it had added a feature to ban attachments using a blacklist.
“While blacklist capabilities alone are not a perfect solution to defend against those with malicious intent (as highlighted by Le Manh Tung [...]), this option reduces the risk of attack, while minimizing the impact on customers relying on workflows that depend on the launch functionality,” Adobe said in its blog post.
It also said that it had amended its launch dialogue box warning to prevent attackers inserting rogue instructions designed to persuade users to ignore the warning message.
The company said it is still considering whether to take action on the patch workaround discovered by Bkis.
“We will evaluate this workaround to determine whether additional changes to the blacklist are required,” it said in the blog post.
Bkis suggested that one way for Adobe to keep its blacklist, yet avoid allowing attackers to use the workaround, is to make sure the parameter strings used in the launch process are given a standard form before being compared to the blacklist.
PV
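The mitigation Bkis suggests, giving the launch parameter a standard form before it is compared to the blacklist, can be sketched as follows. This is an added example, not code from Adobe or Bkis; the blacklist contents, function names and the simplified /F(...) extraction are assumptions made for illustration.

```python
import ntpath
import re

# Constructed blacklist for illustration; not Adobe's actual list.
BLOCKED_EXTENSIONS = {".exe", ".bat", ".cmd", ".com", ".scr"}

# Characters that can wrap a target without changing what Windows runs.
_WRAP = " \t\r\n\"'"


def launch_targets(action: str) -> list[str]:
    """Pull the /F(...) values out of a launch action fragment.
    Simplified: ignores PDF string escapes and nested parentheses."""
    return re.findall(r"/F\s*\(([^)]*)\)", action)


def naive_is_blocked(target: str) -> bool:
    """Compare the raw string; quoted targets slip past."""
    return ntpath.splitext(target)[1] in BLOCKED_EXTENSIONS


def canonicalize(target: str) -> str:
    """Reduce a launch target to one standard form."""
    # Drop wrapping quotes/whitespace, plus trailing dots Windows ignores.
    stripped = target.lstrip(_WRAP).rstrip(_WRAP + ".")
    # Keep only the file name and fold case (Windows names are
    # case-insensitive).
    return ntpath.basename(stripped).lower()


def is_blocked(target: str) -> bool:
    """Blacklist check applied to the canonical form only."""
    return ntpath.splitext(canonicalize(target))[1] in BLOCKED_EXTENSIONS


def action_is_blocked(action: str) -> bool:
    """True if any /F target in the action hits the blacklist."""
    return any(is_blocked(t) for t in launch_targets(action))


if __name__ == "__main__":
    # Constructed fragments using the two forms quoted in the article.
    for frag in ('/S /Launch /F(cmd.exe)', '/S /Launch /F("CMD.exe")'):
        raw = launch_targets(frag)[0]
        print(frag, "naive:", naive_is_blocked(raw),
              "canonical:", is_blocked(raw))
```

The naive comparison flags only the unquoted form, while the canonical comparison flags both.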