Windows Built-In PDF Reader Exposes Edge Browser to Hacking
WinRT PDF exposes users to drive-by attacks
 
WinRT PDF, the default PDF reader for Windows 10, opens Edge users to a new series of attacks that are incredibly similar to how Flash, Java, and Acrobat exposed Web users for the past few years.

The Windows Runtime (WinRT) PDF Renderer library, or just WinRT PDF, is a powerful component built into recent Windows OS versions that allows developers to easily integrate a PDF viewing feature inside their apps.

The library is used for many apps distributed via the Windows Store, the default Reader App included in Windows 8 and 8.1, and even with Edge, Microsoft's latest Web browser.

Hackers can abuse WinRT PDF for drive-by attacks

Mark Vincent Yason, security researcher with IBM's X-Force Advanced Research team, has discovered that WinRT PDF can be leveraged in drive-by attacks in the same way attackers used Flash or Java in the past.

Since WinRT PDF is Edge's default PDF reader, any PDF file embedded inside a Web page will be opened within the library. A clever attacker can place a WinRT PDF exploit inside his PDF file, which could be secretly opened using an iframe positioned off screen with CSS.

The malicious code would execute, and exploit the WinRT PDF vulnerability in the same way exploit kits like Angler or Neutrino deliver Flash, Java, or Silverlight payloads.

All that an attacker needs to do is to find and create a database of WinRT vulnerabilities he could leverage to distribute his malware via this new attack surface.

Hold your horses everyone!

"A major factor that will affect when and how often we see in-the-wild exploits for WinRT PDF vulnerabilities depends on how difficult it is to exploit them," Mr. Yason explains.

He says that Windows 10's implementation of former EMET features such as ASLR protection and Control Flow Guard "makes the development of exploits for WinRT PDF vulnerabilities time-consuming and therefore costly for an attacker."

Mr. Yason will be giving a more in-depth presentation of this attack surface at this year's RSA security conference in San Francisco.

SOURCE
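
The delivery vector described in the post above (a PDF loaded through an iframe that is hidden or positioned off screen with CSS) can be looked for in saved page source. The following is an added example, not part of the original post or of the IBM research; the sample HTML, the `example.test` host and the function names are constructed, and it inspects only inline styles and attributes, not external stylesheets or frames injected by script.

```python
import re
from html.parser import HTMLParser

# Inline-style patterns that hide an element or push it out of the viewport.
HIDING = [
    ("display:none", re.compile(r"display\s*:\s*none")),
    ("visibility:hidden", re.compile(r"visibility\s*:\s*hidden")),
    ("opacity:0", re.compile(r"opacity\s*:\s*0(\.0+)?\s*(;|$)")),
    ("off-screen offset", re.compile(r"(left|top|right|bottom)\s*:\s*-\d{3,}")),
    ("zero/1px size", re.compile(r"(width|height)\s*:\s*[01](px)?\s*(;|$)")),
]
# Tags that can embed a document, and the attribute that carries its URL.
EMBED_TAGS = {"iframe": "src", "embed": "src", "object": "data"}

# Constructed sample page: one visible PDF viewer, two hidden PDF embeds,
# and one hidden non-PDF frame that should not be reported.
SAMPLE = """
<iframe src="/docs/manual.pdf" width="800" height="600"></iframe>
<iframe src="https://cdn.example.test/a.pdf"
        style="position:absolute; left:-9999px; width:1px; height:1px"></iframe>
<embed src="/files/report" type="application/pdf" hidden>
<iframe src="/widget.html" style="display:none"></iframe>
"""

class HiddenPdfFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, url, [reasons]) per suspicious embed

    def handle_starttag(self, tag, attrs):
        if tag not in EMBED_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}
        url = a.get(EMBED_TAGS[tag], "")
        path = url.lower().split("?")[0].split("#")[0]
        is_pdf = path.endswith(".pdf") or a.get("type", "").lower() == "application/pdf"
        if not is_pdf:
            return
        style = a.get("style", "").lower()
        reasons = [name for name, rx in HIDING if rx.search(style)]
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reasons.append("zero/1px size attribute")
        if "hidden" in a:
            reasons.append("hidden attribute")
        if reasons:
            self.findings.append((tag, url, reasons))

def find_hidden_pdf_embeds(html):
    """Return PDF embeds whose inline style or attributes make them invisible."""
    finder = HiddenPdfFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Calling `find_hidden_pdf_embeds(SAMPLE)` reports the off-screen iframe and the `hidden` embed, and leaves the visible viewer and the non-PDF frame alone.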