Latest Threats
PDF (Portable Document Format) files can be used in new highly dangerous scripting attacks.

Urgency: Large (Small/Medium/Large/Urgent)

Description

Inter Engineering and Clearswift warn about a new and very serious vulnerability that allows execution of JavaScript appended to a URL by simply referencing any innocent PDF on any accessible web site. The attacker does not need to have any access to the PDF. The maliciously-formed URL can be hosted on a web page or sent to a target in HTML email. If such a maliciously-formed URL is clicked on, the appended JavaScript will run in the browser when the PDF file is downloaded. This renders many sites holding innocent PDFs open to becoming unwitting participants in Cross-site Scripting attacks. If the file protocol is used rather than http, then the local desktop filesystem can be exposed to attack.

If you cannot guarantee that all your users (a) are using Internet Explorer v.6.0 SP2 or higher, (b) are not using any version of the Firefox browser, or (c) have updated to Adobe Acrobat Reader v.8, then your organisation may be exposed to this serious threat. Given the very low technical skill level needed to mount such attacks, we expect to see spammers and phishers exploiting this in the wild very soon.

Suggested solutions

Inter Engineering offers the Mimesweeper solutions for ultimate Content Security for email and web traffic on the corporate Gateway.

Mimesweeper for SMTP
Mimesweeper for Web
Available as software or appliance

About Inter Engineering

Inter Engineering is one of the few companies in the world dedicated to Data Security. Founded in 1991 and focused on fighting computer viruses, the company has over the years developed invaluable knowledge of numerous highly important Data Security issues such as Computer Virus prevention, detection and removal, Content Security, Cryptography, logical and physical Access Control, Biometrics, Copy Protection and Data Recovery.
Highly responsible, Inter Engineering contributes to the professionalism of data and business integrity protection through activities that range from painstaking research to solution providing.

Inter Engineering offers Consulting, Products and Services. The company's territory of activity consists of Greece, Cyprus and the rest of the Balkan countries. By cooperating with globally leading companies and organizations, it guarantees the most up-to-date and efficient solutions.

To contact us: Tel. +30.2410.670030 Fax. +30.2410.670006 Email: info@inter-datasecurity.com
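The Description above says the malformed link can arrive in a web page or HTML email, which is where a gateway can inspect it. The following added example (not Inter Engineering or Mimesweeper code) flags links to a .pdf that carry script markers after the document path. It assumes that "appended" means the query string or fragment and that the two markers in `SCRIPT_MARKERS` are sufficient; the function names and the sample body are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Assumption: these markers identify script content once percent-encoding is undone.
SCRIPT_MARKERS = re.compile(r"javascript\s*:|<\s*script", re.IGNORECASE)

class LinkCollector(HTMLParser):
    """Collects href and src attribute values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src") and v]

def is_suspicious_pdf_link(url):
    """True when a link to a .pdf has script markers appended after its path."""
    parts = urlsplit(url.strip())
    # The advisory names http and file; https and relative links are included too.
    if parts.scheme.lower() not in ("", "http", "https", "file"):
        return False
    if not unquote(parts.path).lower().endswith(".pdf"):
        return False
    # Assumption: "appended" means the query string or the fragment.
    appended = parts.query + "#" + parts.fragment
    # Decode twice so double percent-encoding does not hide the marker.
    return bool(SCRIPT_MARKERS.search(unquote(unquote(appended))))

def flag_pdf_links(html_body):
    """Returns the links in an HTML body that should be blocked or rewritten."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [u for u in collector.links if is_suspicious_pdf_link(u)]

# Constructed sample body; hosts, paths and the PLACEHOLDER payload are made up.
SAMPLE_EMAIL = """
<a href="http://www.example.com/brochure.pdf">Brochure</a>
<a href="http://www.example.com/report.pdf#page=3">Report, page 3</a>
<a href="http://www.example.com/report.pdf#javascript:PLACEHOLDER">Invoice</a>
<a href="file:///C:/docs/manual.pdf?a=JaVaScRiPt%253APLACEHOLDER">Manual</a>
<a href="http://www.example.com/help.html#javascript:PLACEHOLDER">Help</a>
"""

if __name__ == "__main__":
    for link in flag_pdf_links(SAMPLE_EMAIL):
        print("BLOCK", link)
```

Ordinary PDF links, including ones with a harmless fragment such as `#page=3`, pass through, so the check can run on all inbound mail and proxied pages without blocking normal document links.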