TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    OnePlus’ Nord N20 5G is now available unlocked

    June 27, 2022

    US company spending on private jets for personal use hits 10-year high

    June 27, 2022

    Jump in the public queue to purchase a PS5 from Sony

    June 27, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      OnePlus’ Nord N20 5G is now available unlocked

      June 27, 2022

      Jump in the public queue to purchase a PS5 from Sony

      June 27, 2022

      Amazon is reportedly hosting a second major Prime-exclusive shopping event this year

      June 27, 2022

      Valve is doubling Steam Deck shipments, so you might get yours faster

      June 27, 2022

      The Supreme Court says it won’t consider rewriting defamation law… yet

      June 27, 2022
    • Business
    • Cyber Security

      87% of executives have no cybersecurity tools on personal devices

      June 27, 2022

      CISA releases cloud security reference

      June 27, 2022

      Colin Ahern named New York’s Chief Cyber Officer

      June 27, 2022

      Contractors don’t have to increase your risk profile

      June 27, 2022

      Pharmaceutical company secures network with AppSec compliance tools

      June 24, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Unofficial Patch Released for Adobe Reader Zero-Day
    Cyber Security

    Unofficial Patch Released for Adobe Reader Zero-Day

    February 12, 2019Updated:February 12, 2019No Comments2 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    One day before Adobe’s monthly security updates, a third-party fix has been released for an Adobe Reader vulnerability revealed several weeks ago.

    Discovered by security researcher Alex Inführ, who also published proof-of-concept code, the vulnerability allows a PDF document to send SMB requests to an attacker’s server. 

    The vulnerability impacts the latest version of Adobe Reader DC, 2019.010.20069, and is likely affecting older versions of the application as well. 

    The security flaw is similar to CVE-2018-4993, a vulnerability disclosed in April last year, which could allow a remote attacker to steal NTLM details included in the SMB request. The attack is possible because remote documents and files can be embedded inside PDF files. 

    To address the issue, Adobe added a security warning that Reader would show to the user before a request to a remote share was made. The alert allowed users to prevent a potentially malicious document from sending any type of information to the attacker’s server.

    What Inführ discovered was that the alert can actually be bypassed if Universal Naming Convention (UNC) paths are employed. These paths denote resources in shared folders and are used to access remote file systems, typically SMB. 

    While Adobe has yet to address the vulnerability, 0patch, a community project that aims to address software vulnerabilities by delivering tiny fixes to users worldwide, has already released a micropatch for Reader and delivered it to their users. 

    The fix follows on Adobe’s footsteps by adding a warning when a PDF document uses UNC paths to load resources from a remote location. With this micropatch installed, a security alert will be displayed to the user before the document makes any request to a remote server. 

    Adobe is getting ready to release its monthly set of security updates today, and is expected to address vulnerabilities in both Adobe Acrobat and Reader, but there’s no information currently available on whether this issue will receive an official fix or not. 

    Related: PDF Files Can Silently Leak NTLM Credentials

    Related: Two Critical Flaws Patched in Adobe Acrobat, Reader

    Related: Microsoft Incompletely Patches JET Database Vulnerability

    Ionut Arghire is an international correspondent for SecurityWeek.

    Previous Columns by Ionut Arghire:
    Tags:



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    87% of executives have no cybersecurity tools on personal devices

    June 27, 2022 Cyber Security

    CISA releases cloud security reference

    June 27, 2022 Cyber Security

    Colin Ahern named New York’s Chief Cyber Officer

    June 27, 2022 Cyber Security

    Contractors don’t have to increase your risk profile

    June 27, 2022 Cyber Security

    Pharmaceutical company secures network with AppSec compliance tools

    June 24, 2022 Cyber Security

    How secure is your digital supply chain?

    June 24, 2022 Cyber Security
    Editors Picks

    US company spending on private jets for personal use hits 10-year high

    June 27, 2022

    Jump in the public queue to purchase a PS5 from Sony

    June 27, 2022

    Russian missile strike on Ukraine shopping mall draws outcry

    June 27, 2022

    Amazon is reportedly hosting a second major Prime-exclusive shopping event this year

    June 27, 2022
    Trending Now

    Boris Johnson prepares to extend tariffs to protect UK steel industry

    By techbizweb

    CISA releases cloud security reference

    By techbizweb

    Roku’s capable Streambars are down to their lowest prices

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2022 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.