Friday Favourite Jan 16th 2009

January 16th, 2009

What was it this week with attacks on applications that use Adobe PDF technologies? For whatever reason, this week had an unusual number of disclosures, amongst the hundreds of SQL injection and XSS, attacking the PDF file format. With that said, my favourite this week is a toss-up between:

Sun Solaris Adobe Reader Multiple Vulnerabilities
Advisory URL: http://secunia.com/Advisories/33491/
Sun has acknowledged some vulnerabilities in Adobe Reader included in Solaris, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user’s system.

and:

jhead ‘DoCommand()’ Arbitrary File Deletion Vulnerability
Advisory URL: http://www.securityfocus.com/bid/32506

I find the jhead rather amusing since I use that piece of software. What I find even funnier is that I do not believe it has not yet been patched on my system, but I could be wrong. It probably will not get patched on many production servers that are running applications that the lazy administrators do not want to break. I guess when all of their files disappear they will learn their lesson.

I do not know much information about the Sun advisory other than what is listed on the Secunia website, but I think that the solution is hilarious.
“Do not open PDF files from untrusted sources.”
OK, my boss just sent me a PDF; do I trust it?
“Sorry Mr Boss Man, I haven’t opened any PDFs recently because Sun told me not to. I can’t verify that it was you who actually sent the document since you send me so many.”
Oh well, another day, another advisory.

Entry Filed under: Vulnerabilities

