Two major security vulnerabilities found in PDF files

Share this!

35

29

share it

e-mail

October 4, 2019

Author: Bob Yirka Tech Xplore of

A joint team of researchers from the Ruhr University of Bochum and the University of Münster discovered two major security vulnerabilities in the PDF file. They have recorded their findings through a secure network

.

PDF is

This includes electronic images of text and graphics. Such files are useful for documents that must be formatted in a specially designed way. You can also send them to others who can read them with a PDF document reader. Over the years, some users have used

To ensure that private documents are not seen by the intended recipients, doctors, lawyers, and even companies have begun to use the program to ensure privacy. But it now appears that the encryption scheme of such documents has two main vulnerabilities, and researchers call them two variants of a single PDFex vulnerability.

The first variant, which the researchers call "direct penetration," utilizes the PDF encryption specification-the software that performs the encryption does not encrypt every part of the PDF file. This makes part of the file open to hackers. One

Can be attached

The file in the unencrypted part of the file will be run when the legitimate user opens the file. After opening the file, the added code can send the contents of the file to the site designated by the attacker.

In the second version (no name), the attacker uses the cipher block link gadget to change the plain text that exists in the PDF document to code, just like the first version, when a legitimate user opens the file, the embedded code will change Execute, send

Go to the site designated by the attacker.

In order for both attacks to work, the attacker must first send access to the PDF file, and then send the file. This means that the attacker must infect the initial user's computer with a virus that initiates the code that modifies the PDF file.

The researchers plan to outline their findings about PDF vulnerabilities at this year's ACM Computer and Communication Security Conference.

Explore further

©2019 Science X Network

Facebook

Twitter

Feedback to the editor

12 hours ago

16 hours ago

January 19, 2021

11 hours ago

14 hours ago

October 3, 2014

July 3, 2019

August 20, 2019

April 3, 2007

January 25, 2018

May 9, 2011

January 13, 2021

January 7, 2021

January 1, 2021

December 9, 2020

Your feedback will be sent directly to the Tech Xplore editor.

Thank you for taking the time to send your valuable comments to the Science X editor.

You can rest assured that our editorial staff will closely monitor every feedback sent and will take appropriate action. Your opinion is very important to us.

Due to excessive communication volume, we do not guarantee a personal answer.

Your email address has already been used

Let the recipient know who sent the email. Neither your address nor the recipient's address will be used for any other purpose. The information you enter will appear in your email, and Tech Xplore will not keep them in any form.

Daily science news about research progress and the latest scientific innovations

Medical research progress and health news

The most comprehensive technology news report on the Internet

This website uses cookies to assist navigation, analyze your use of our services and provide content from third parties. By using our website, you acknowledge that you have read and understood our

with

.