ATTENTION: The Boards will be closed permanently on May 28th, 2014. Posting will be disabled on April 28th, 2014. More Info

New Vulnerability Discovered When Using Adobe Acrobat X Pro


GROUP: Members

POSTS: 749

Report this Aug. 07 2012, 4:32 pm


Adobe Acrobat X Pro

Earlier today I was PDF'in a website so I could make a PDF of various manuals to read while offline.

While the AAXP was indexing the pages of the website a dialogue box appeared informing me that I was attemping to access restricted areas of the website and then prompted me to enter a user name and password.

At first I thought that AAXP needed my permission to store the the pages on my laptop but after entering several usernames and passwords I realized that AAXP needed my permission to access the restricted information in order to copy the classified pages into the PDF.

I didn't think anything of it until a few moments ago when I realized that an entire website can be made into a PDF and if a hacker had the right tools they could hack the security by providing accurate credentials that allow AAXP to PDF the restricted information.

Once the restricted information had been copied into the PDF all the hacker need do is open the PDF to the restricted area to read the restricted information protected by the user/password barrier.

With all of the Net traffic these days it would be almost impossible to determine if AAXP was being used in a maliscious attack.

Just imagine someone using AAXP to PDF an entire bank website and being able to hack into the restricted areas to gather information on transactions, account balances, account information, credit card numbers, etc.

I would have to say that the next level of hacker will try to use AAXP to copy target sites into PDF's where they will then analyze the PDF for any weaknesses so they can hack the site to get your money.

Recently logged in

Users browsing this forum: FleetAdmiral_BamBam, wissa

Forum Permissions

You cannot post new topics in this forum

You cannot reply to topics in this forum

You cannot delete posts in this forum