McAfee has warned of a vulnerability in Adobe's Reader PDF viewing software that could potentially allow attackers to track the usage of files in unexpected ways.
According to a blog post
made by McAfee's Haifei Li late last week, 'unusual PDF samples
' have been detected in the wild, courtesy of a shady email tracking company, which are exploiting a previously unknown flaw in Adobe's Reader software. While not capable of allowing remote code execution - the most serious type of vulnerability - Li claims that the flaw can be used to disclose privileged information on how the document spreads.
' Li explains. 'However, this action is normally blocked and creates a warning dialogue asking for permission. The danger is that if the second parameter is provided with a special value, it changes the API’s behaviour. In this situation, if the UNC resource exists, we see the warning dialogue. However, if the UNC resource does not exist, the warning dialogue will not appear even though the TCP traffic has already gone.
The result: an attacker can see when and where the PDF file was opened, even though the security systems built into Reader should have prevented it from making contact with the remote server.
'Is this a serious problem? No, we don’t want to overvalue the issue,
' Li admits. 'However, we do consider this issue a security vulnerability. Considering this, we have reported the issue to Adobe and we are waiting for their confirmation and a future patch. We are also hiding the key details of the vulnerability to protect Reader users.
Thus far, Adobe has not issued a statement regarding the flaw, and it is not known whether the company is actively working on a patch for what it will surely view as a relatively low-priority issue.