StarForce Reader Does Not Contain a Vulnerability that Allows to Steal User Credentials
At the end of April, the Check Point research team found that opening a PDF file could cause NTLM hash of Windows to leak. The exploitation of this vulnerability in PDF allows criminals to get a remote control over users’ computers. Read more in the article.
StarForce Technologies develops security tools for PDF copy protection. These tools prevent PDF copying, editing, printing and grabbing. To view a protected PDF file you need to use a special application – StarForce Reader.
A special research, performed by StarForce Technologies, has confirmed that PDF and SFPDF files opened with StarForce Reader cannot initiate the leakage of NTLM hashes, because this application does not support the Windows mechanism used in the exploitation of this vulnerability.
StarForce Technologies specialist comments:
“The vulnerability was found in the Windows SMB protocol that works with shared folders. Windows caches the user name, domain name and password hash, so that the system does not request it every time you access public folders. Now the question is how to get the user to access the server of the attacker using the SMB protocol? That's what helps make the PDF. In PDF format, you can specify an additional action (AA entry) for different events. One option is to "open a third-party file". If the action is specified for the event that always occurs when the document is opened (for example, the page open event), and the file addresses are specified in the format accepted in Windows for shared folders (\\ <server_address> \ <file_name>), when opening such a PDF the SMB protocol will automatically be accessed to the specified attacker's server. Thus, the hacker will receive a username along with the domain name and hash of the password, which can be picked up and accessed on the network and on the user's computer. In StarForce Reader, our PDF viewer, this Windows mechanism is disabled”.
About StarForce Technologies
StarForce Technologies (www.star-force.com) is a leading vendor of information protection, copy protection and code obfuscation solutions for software, electronic content and audio/video files. Since 2000, StarForce has been successfully developing and implementing its state-of-the-art security solutions, providing copyright and intellectual property protection worldwide. Two of these solutions were transformed into StarForce cloud services: sfcontent.com protects e-Documents against illegal copying and distribution and sfletter.com secures emails.
StarForce is a reliable and responsible Technological Partner for enterprises potentially incurring losses due to cyber-gangs, hackers, software piracy, unauthorized data access and information leaks. StarForce’s customers are Russian Railways, Corel, 1C, Mail.ru, Aeroflot, SUN InBev Russia, AMD Labs, ATC International, MediaHouse, Russobit M, New Disc, Buka, Snowball, 2Play, GFI, CENEGA, Akella, etc.