No User Action Required In Newly Discovered PDF Attack

I've had the good fortune of following Didier Stevens on Twitter for a few months and his research into various software flaws is nothing short of amazing. Didier has managed to demonstrate without a doubt that the latest Adobe PDF Zero-day flaw can trigger an attack even without user intervention. The culprit is one of the many things that your machine does in the background, in this case, the Windows Indexing Service (WIS). In order to index the contents of a PDF file, WIS needs to process it. Yet, the code responsible for processing the PDF is itself vulnerable to this latest attack, which leads to the compromise of a process running with local system privileges.

Src: No User Action Required In Newly Discovered PDF Attack | DarkReading [tx to @gattaca]

No comments: