|
|
By Paul Roberts
June 20, 2003
The CERT Co-ordination Centre has issued a vulnerability notice for a problem affecting Portable Document Format (PDF) readers for the Unix and Linux platforms, less than a week after the information was leaked to the internet.
The CERT vulnerability note, VU#200132, describes a problem with the way some Unix PDF reader programs handle hyperlinks embedded within PDF documents.
In retrieving the content pointed to by those links, some PDF readers launch external programs by invoking the Unix shell command interpreter.
In some cases, an attacker could use malicious instructions embedded in the hyperlink to compromise the victim's computer, CERT said.
On 13 June, an individual using the name "hack4life" posted leaked information on the same vulnerability to the online discussion list Full-Disclosure.
The information was taken from a communication sent from CERT to software suppliers affected by the PDF problem, according to CERT.
In an e-mail, hack4life said that the intercepted communication indicated that CERT was planning to release the vulnerability note on Monday 23 June.
With the unauthorised release of information on the PDF reader flaw, however, CERT brought forward publication of the vulnerability notice, according to Shawn Hernan, a member of the CERT technical team.
Source: Computer Weekly
|
|
|
 |
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 0
Votes: 0
|
|
|
