A recently discovered security weakness in the widely used Acrobat Reader software could put Net users at more risk than previously thought, experts warned Thursday.
Initially, security professionals thought that the problem was restricted and exposed only Web-related data or could support phishing scams. Now it has been discovered that miscreants could exploit the problem to access all information on a victim's hard disk drive, said Web security specialists at WhiteHat Security and SPI Dynamics.
For an attack to work, a malicious link has to point to an existing PDF file on the Web or on the target system. PDFs are abundant on the Net and finding one on a local system also isn't hard, a sample PDF file comes with Acrobat Reader and is installed in a predictable location on PCs, Grossman said.
News source: CNET