PDF-XChange Viewer, a PDF program well known as an alternative to Adobe Reader, has released version 2.0 Build 55.0, which fixes a DLL hijacking security vulnerability.
- Microsoft zero-day vulnerability: Microsoft Security Advisory (2269637) - Insecure Library Loading Could Allow Remote Code Execution (2010.8.25)
- <Tracker Software> New Windows DLL hijacking vulnerability (2010.8.30)
For reference, the changes in this version are as follows.
- Altered the method commonly used in Windows to load external dlls to prevent any (even theoretical) vulnerability regarding "DLL-hijacking" as reported for Windows applications.
- File Attachment tools are hidden in free version of the viewer when the 'Hide PRO features' option used.
- Fixed possible issues when opening/extracting embedded files within secured documents.
- Fixed issues when rendering some fonts.
- Fixed issues with some non-ascii characters in some PDF files.
- Resolved issue with frame size when viewer is embedded into browser.
- Resolved issue with wrong form fields content created by the viewer.
- Resolved possible issue with layers visibility.
- Added exclusive mode for non-commenting tools (see commenting settings in Edit Menu -> Preferences).
- Implemented function to work with embedded files using JS.
- Shift key is used to temporarily toggle exclusive/non-exclusive mode.
- Viewer no longer modifies the Producer field in a document's information fields. Instead it uses a custom information field to store data regarding the version used to save a document.
- Fixed problems with browser plugin in latest Firefox 4 and Opera releases when they use customized title bars.
- Styles for measure tools now have independent scale values.
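Opening a maliciously crafted PDF document that exploits this vulnerability can lead to the system being infected, so users of this program should use the update check feature built into the program to move to the latest version.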