[Full-disclosure] Re: email attack vector just got wider
Micheal Espinola Jr
michealespinola at gmail.com
Mon Apr 25 22:13:25 BST 2005
Perhaps not "just". My apologies for those that are aware of this, but it
seems Adobe 6 also had this capability - although many people have been
unaware of this. I recently upgrade from 5 to 7, so I missed this potential
issue from the get-go.
Someone pointed out to me that Symantec does have a bulletin stating that
by setting your AV to "scan all files" you can detect a virus inside a file
embedded into a PDF.
Unfortunately, this does not address the blocking of certain attachments
On 4/25/05, Micheal Espinola Jr <michealespinola at gmail.com> wrote:
> It seems most people I know haven't noticed that the new version of Adobe
> Acrobat (7) now allows for embedded/attached documents.
> Since PDF's have generally been considered a safe document format and are
> typically not blocked by content/attachment scanners, this now opens an
> email-based attack vector that anti-virus providers [to the best of my
> knowledge] are not currently addressing.
> Many thanks to Adobe for creating another issue for us to deal with, and
> especially for not having the forethought to coordinate with anti-virus
> vendors to prepare for assuredly future exploitation of the technology.
> my home: <http://www.santeriasys.net/>
> my photos: <http://mespinola.blogspot.com/>
my home: <http://www.santeriasys.net/>
my photos: <http://mespinola.blogspot.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
Full-Disclosure is hosted and sponsored by Secunia.