PDF files have been misused in the past to execute malware on a system. Researchers at network security company Minerva Labs explained that one way is to add a PowerShell command to the document's "OpenAction" section so that it is executed and carries out malicious activity.
Minerva Labs said: "Since March 2022, we have seen a gradual increase in Adobe Acrobat Reader processes attempting to query which security product DLLs are loaded."
According to a report published this week, the list has grown to include 30 DLLs from security products of different vendors. Among the more popular consumer products are Bitdefender, Avast, Trend Micro, Symantec, Malwarebytes, ESET, Kaspersky, F-Secure, Sophos and Emsisoft.
The full list is as follows:
Trend Micro
BitDefender
AVAST
F-Secure
McAfee
360 Security
Citrix
Symantec
Morphisec
Malwarebytes
Checkpoint
Ahnlab
Cylance
Sophos
CyberArk
Citrix
BullGuard
Panda Security
Fortinet
Emsisoft
ESET
K7 TotalSecurity
Kaspersky
AVG
CMC Internet Security
Samsung Smart Security ESCORT
Moon Secure
NOD32
PC Matic
SentryBay
The query is performed through "libcef.dll", a Chromium Embedded Framework (CEF) dynamic link library used by various programs. Although the Chromium DLL ships with a short list of components that are blacklisted because they can cause conflicts, vendors that use it can make changes and add whatever DLLs they want.
The researchers explained that "libcef.dll is loaded by two Adobe processes: AcroCEF.exe and RdrCEF.exe", so both products check whether components of the same security products are present on the system.
Looking closely at what happens when a DLL is injected into an Adobe process, Minerva Labs found that Adobe checks whether the bBlockDllInjection value under the registry key "SOFTWARE\Adobe\Adobe Acrobat\DC\DLLInjection\" is set to 1. If it is, it prevents the anti-virus software's DLL from being injected into the process.
According to Minerva Labs researcher Natalie Zargarov, the default value of the registry key is set to "1", indicating active blocking. This setting may depend on the operating system or the installed Adobe Acrobat version, as well as other variables on the system.
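The following PowerShell audit script is an added example, not code from Minerva Labs or Adobe. It reads the bBlockDllInjection value named above and lists which non-Microsoft, non-Adobe modules are actually loaded in AcroCEF.exe and RdrCEF.exe. The article does not say which registry hive holds the key, so checking HKLM, the WOW6432Node path and HKCU is an assumption, as is the use of CompanyName to filter modules.

```powershell
# Audit example (added here; not the vendors' code). Reads the registry value
# the article describes and reports whether Acrobat is set to block DLL injection.
function Get-AcrobatDllInjectionPolicy {
    [CmdletBinding()]
    param(
        # Relative key path quoted in the article.
        [string]$RelativeKey = 'SOFTWARE\Adobe\Adobe Acrobat\DC\DLLInjection'
    )
    # Assumption: the hive is not stated, so all three likely locations are checked.
    $paths = @(
        "HKLM:\$RelativeKey",
        "HKLM:\SOFTWARE\WOW6432Node" + $RelativeKey.Substring('SOFTWARE'.Length),
        "HKCU:\$RelativeKey"
    )
    foreach ($path in $paths) {
        $value = $null
        if (Test-Path -Path $path) {
            $value = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).bBlockDllInjection
        }
        [pscustomobject]@{
            Path               = $path
            KeyPresent         = (Test-Path -Path $path)
            bBlockDllInjection = $value
            # Per the article, 1 means injected security-product DLLs are blocked.
            Blocking           = ($value -eq 1)
        }
    }
}

# Lists third-party modules loaded in the two CEF host processes named in the
# article, so a defender can see whether the security product's DLL made it in.
# Note: reading another process's module list may require matching bitness
# and sufficient privileges; inaccessible processes are skipped.
function Get-AcrobatCefThirdPartyModules {
    foreach ($proc in Get-Process -Name AcroCEF, RdrCEF -ErrorAction SilentlyContinue) {
        foreach ($m in $proc.Modules) {
            $company = $m.FileVersionInfo.CompanyName
            # Assumption: vendor attribution via the PE CompanyName field.
            if ($company -notmatch 'Microsoft|Adobe') {
                [pscustomobject]@{
                    Process = $proc.ProcessName; PID = $proc.Id
                    Module  = $m.ModuleName;    Company = $company
                }
            }
        }
    }
}

Get-AcrobatDllInjectionPolicy       | Format-Table -AutoSize
Get-AcrobatCefThirdPartyModules     | Format-Table -AutoSize
```

Run it while a PDF is open so that AcroCEF.exe or RdrCEF.exe is actually running; an empty module table with Blocking set to True is the condition the researchers describe.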
In a reply to BleepingComputer, Adobe confirmed that users have reported problems caused by some security products' DLL components being incompatible with Adobe Acrobat's use of the CEF library.
Adobe said: "We are aware of reports that some security tools' DLLs are incompatible with Adobe Acrobat's use of CEF, a Chromium-based engine with a limited sandbox design, and may cause stability problems."
The company added that it is currently working with these vendors to resolve the problem and to "ensure that the CEF sandbox design in future Acrobat versions works properly." Minerva Labs' researchers believe that the solution Adobe chose may fix the compatibility problem, but by preventing the security software from protecting the system it introduces a real attack risk.