Slashdot Mirror


PDF Vulnerability Now Exploitable With No Clicking

SkiifGeek writes "With Adobe's patch for the current PDF vulnerability still some time away, news has emerged of more techniques that are available to exploit the vulnerability, this time without needing the victim to actually open a malicious file. Instead, the methods make use of a Windows Explorer Shell Extension that is installed alongside Adobe Reader, and which will trigger the exploitable code when the file is interacted with in Windows Explorer. Methods have been demonstrated of successful exploitation with a single click, with thumbnail view, and with merely hovering the mouse cursor over the affected file. There are many ways that exploits targeting the JBIG2 vulnerability could be hidden inside a PDF file, and it seems that the reliability of detection for these varying methods is spotty, at best."

1 of 206 comments

  1. Tin foil hat by mlwmohawk · Score: 0, Troll

    I get alternately frustrated and paranoid about these sorts of things. How on earth can a DOCUMENT format have an exploitable code problem? How stupid do you have to be to create this monster?

    Then the paranoia sinks in. People can't be this stupid. Really, seriously?

    There are a lot of positives for "corporate amerika" (read anti-consumer) if we are all paranoid about our systems. If nothing is safe, you can bet someone will be trying to sell safety. In my best "tin foil hat" thinking, the people who perpetrate the insecurity in the first place and sell you additional safety are not to be trusted.

    There are lots of examples of "corporate amerika" teaming up to get you. RIAA and MPAA are the more Slashdot-recognizable. A little paranoia may be just good thinking.

    We need to remember that the computer is a revolutionary platform that continues to introduce disruptive innovations. "Corporate amerika" really really dislikes that which disturbs the status quo. The computer is too much of a money maker to destroy like they did DAT recorders. They are teaming up to make the computer more like a VCR or DVD player and less a platform of innovation.

    Linux and free software are a problem for them because they can't control it. All they can control are the avenues through which we use our computers. The media formats, the services, etc. are all ways to leverage "corporate amerika's" assets against everyone.

    I know this is all paranoia, but I don't think there needs to be an actual conspiracy for it to be true. "Corporate amerika" is anti-freedom; I think we can all agree that this is almost always the case. They don't have to intentionally work together, but a group of entities with basically the same objectives may behave in concert toward an objective without consciously knowing it, like a thousand ants from a single ant hill.