Massive security Hole in Windows & Adobe

Moderator: Thanas

Edi
Dragonlord
Posts: 12461
Joined: 2002-07-11 12:27am
Location: Helsinki, Finland

Post by Edi »

Haven't seen this posted, but since I need to deal with fallout from shit like this at work, might as well spread the word:

http://www.theregister.co.uk/2007/10/26 ... x_windows/

Basically, patch your Adobe Reader to v8.1.1 and be on your toes after that. Even then, you might get hosed. Machines that get infected by the Adobe PDF vulnerability or through the Windows one tend to become spam servers spewing out maliciously constructed PDFs to spread the infection.
Warwolf Urban Combat Specialist

Why is it so goddamned hard to get little assholes like you to admit it when you fuck up? Is it pride? What gives you the right to have any pride?
–Darth Wong to vivftp

GOP message? Why don't they just come out of the closet: FASCISTS R' US –Patrick Degan

The GOP has a problem with anyone coming out of the closet. –18-till-I-die
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

Feel free to consider this post trolling, but I use Foxit for my PDF needs. Adobe's too bloaty for my tastes (why I switched in the first place), and this PDF spam sploit is even more reason to use anything else.
Ace Pace
Hardware Lover
Posts: 8456
Joined: 2002-07-07 03:04am
Location: Wasting time instead of money

Post by Ace Pace »

Einhander Sn0m4n wrote: Feel free to consider this post trolling, but I use Foxit for my PDF needs. Adobe's too bloaty for my tastes (why I switched in the first place), and this PDF spam sploit is even more reason to use anything else.
Caveat, some of us need Adobe because Foxit doesn't fully deal with some complex PDFs with many layers, or some stuff doesn't render properly. I've had to deal with such PDFs quite a bit, and others (such as Zod) also had.
Brotherhood of the Bear | HAB | Mess | SDnet archivist |
Edi
Dragonlord
Posts: 12461
Joined: 2002-07-11 12:27am
Location: Helsinki, Finland

Post by Edi »

It should be noted that even though Adobe 8.0 had a vulnerability, the deeper issue is still in Windows XP itself and how it passes information to 3rd party programs, so even without Adobe Reader, you can get fucked by this problem. IE7 is one of the programs affected. So until MS fixes it, any PDF on the net is a potential landmine.

Fun fact regarding the malware that infects your machine through this exploit: It has anti-AV capabilities. I don't know just how many security software suites it can hamper, but it can avoid detection by F-Secure except by indirect means (the outgoing PDF spam is noticed, but its cause is not) and it can terminate F-Secure virusscan prematurely. No idea what it does with Norton and the other big name AV software.

So this is not something you really want to risk unless you like nuking and reinstalling your computer.
JLTucker
BANNED
Posts: 3043
Joined: 2006-02-26 01:58am

Post by JLTucker »

Thanks for the heads up, Edi. It is much appreciated.
Praxis
Sith Acolyte
Posts: 6012
Joined: 2002-12-22 04:02pm

Post by Praxis »

Einhander Sn0m4n wrote: Feel free to consider this post trolling, but I use Foxit for my PDF needs. Adobe's too bloaty for my tastes (why I switched in the first place), and this PDF spam sploit is even more reason to use anything else.
I've found that most third-party PDF viewers (including Leopard's Preview, which is far better performing than Adobe's own software and my preferred viewer) completely screw up when opening complex PDFs; specifically, encrypted ones locked to a user name and password that use a web server to authenticate. They seem to only work with Adobe's product.

I installed Adobe's viewer but didn't set it as default so I never see it unless I need it.
I'm just glad I'm on a Mac and don't have to worry about this. Still, I'm sure I'll be fixing it at work.
Edi wrote: Fun fact regarding the malware that infects your machine through this exploit: It has anti-AV capabilities. I don't know just how many security software suites it can hamper, but it can avoid detection by F-Secure except by indirect means (the outgoing PDF spam is noticed, but its cause is not) and it can terminate F-Secure virusscan prematurely. No idea what it does with Norton and the other big name AV software.

So this is not something you really want to risk unless you like nuking and reinstalling your computer.
Ah crap. I just know SOMEONE will download this at work and infect half the network and I'll be stuck with cleanup duty, reformatting machines one at a time.
RThurmont
Jedi Master
Posts: 1243
Joined: 2005-07-09 01:58pm
Location: Desperately trying to find a local restaurant that serves foie gras.

Post by RThurmont »

This causes me to appreciate Evince and XPDF more vigorously. That said, it is indeed a disturbing problem, in that the PDF was generally viewed as one of the last "safe" formats for sending data.
"Here's a nickel, kid. Get yourself a better computer."
Guardsman Bass
Cowardly Codfish
Posts: 9281
Joined: 2002-07-07 12:01am
Location: Beneath the Deepest Sea

Post by Guardsman Bass »

Is there any way to get around its potential ability to shut off virus scans? Can you run a better diagnostic in safe mode?
“It is possible to commit no mistakes and still lose. That is not a weakness. That is life.”
-Jean-Luc Picard


"Men are afraid that women will laugh at them. Women are afraid that men will kill them."
-Margaret Atwood
His Divine Shadow
Commence Primary Ignition
Posts: 12791
Joined: 2002-07-03 07:22am
Location: Finland, west coast

Post by His Divine Shadow »

Fuck, I need to check the boss' computer on Monday, ASAP. He just installed a new Adobe reader and had some problems with it.
Those who beat their swords into plowshares will plow for those who did not.
InnocentBystander
The Russian Circus
Posts: 3466
Joined: 2004-04-10 06:05am
Location: Just across the mighty Hudson

Post by InnocentBystander »

So this doesn't impact Vista machines, right?
Pu-239
Sith Marauder
Posts: 4727
Joined: 2002-10-21 08:44am
Location: Fake Virginia

Post by Pu-239 »

RThurmont wrote: This causes me to appreciate Evince and XPDF more vigorously. That said, it is indeed a disturbing problem, in that the PDF was generally viewed as one of the last "safe" formats for sending data.
Unfortunately, evince seems to leak prodigious amounts of memory, and doesn't render PDFs as well (letters seem misaligned). I use it as the default though since it does load substantially faster.

ah.....the path to happiness is revision of dreams and not fulfillment... -SWPIGWANG
Sufficient Googling is indistinguishable from knowledge -somebody
Anything worth the cost of a missile, which can be located on the battlefield, will be shot at with missiles. If the US military is involved, then things, which are not worth the cost of a missile will also be shot at with missiles. -Sea Skimmer


George Bush makes freedom sound like a giant robot that breaks down a lot. -Darth Raptor