A micropatch has been made available to resolve a zero-day vulnerability impacting Adobe Reader which could lead to the theft of hashed password values. The vulnerability was originally disclosed by Alex Inführ on 26 January and proof-of-concept (PoC) code has been published. Comparisons have been drawn between the new zero-day bug and CVE-2018-4993, the so-called Bad PDF bug which was resolved in 2018. The exploit does not rely on a software error or specific vulnerability. Instead, attackers leverage weaknesses in a content embedding feature for PDF files, according to 0patch. See also: Adobe updates Sign with Government ID Authentication feature In this case, the problem lies within Adobe Reader DC and, if exploited, permits attackers to force a PDF file to automatically sent an SMB request to a threat actor’s server the moment a document is opened. This, in turn, allows the remote theft of an NTLM hash included in the SMB request. By “phoning home,” attackers are able to steal these hashed password values as well as become alerted the moment the document is opened. CNET: Trump reportedly will ban Chinese telecom equipment next week The zero-day is “functionally identical” to CVE-2018-4993, according to the researchers — but is simply in a different place. “While Bad-PDF used an /F entry to load a remote file, this issue exploits loading a remote XML stylesheet via SMB,” 0patch says. “Interestingly, if the document tries to do so via HTTP, there is a security warning there. However, when using a UNC path (the… [Read full story]
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.