WinRT PDF is the default PDF reader in Windows 10. However, it exposes Edge to attack in much the same way that Flash, Java, and Acrobat have exposed Internet users in recent years.
The Windows Runtime (WinRT) PDF Renderer library, or simply WinRT PDF, is a powerful component built into recent versions of the Windows operating system that allows developers to easily integrate PDF viewing into their applications.
The library is used by many applications distributed through the Windows Store. It is included as the default PDF reader application in Windows 8 and 8.1, as well as in the Edge browser of Windows 10.
Mark Vincent Yason, a security researcher on IBM's X-Force Advanced Research team, found that WinRT PDF can be exploited in drive-by attacks in the same way that attackers have used Flash or Java.
As mentioned above, WinRT PDF is the PDF reader that Edge uses by default.
So any PDF file embedded in a web page will be opened by the library. An attacker can exploit WinRT PDF with a PDF file that could be hidden from view in an iframe positioned off-screen with CSS.
The malicious code will exploit the WinRT PDF vulnerability in the same way that exploit kits such as Angler or Neutrino deliver malicious Flash, Java, or Silverlight payloads.
Mr. Yason will give a more in-depth presentation of this attack scenario at the RSA Security conference in San Francisco.
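For defenders, the embedded-PDF scenario described above can be hunted for in captured page content. The following is an added example, not code from the article or from IBM's research: it flags `iframe`, `embed` and `object` elements that load a PDF while being styled so the user cannot see them. The tag list, the style heuristics, the function names and the sample page are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Elements that make a browser render a document inline, and their URL attribute.
EMBED_TAGS = {"iframe": "src", "embed": "src", "object": "data"}
CHECKS = {  # inline-style heuristics (assumed, not exhaustive)
    "off-screen": re.compile(r"(?<![\w-])(?:left|top|right|bottom)\s*:\s*-\d{3,}"),
    "hidden": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"),
    "zero-size": re.compile(r"(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"),
}

class HiddenPdfFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, url, [reasons]) for each suspicious element

    def handle_starttag(self, tag, attrs):
        if tag not in EMBED_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}
        url = a.get(EMBED_TAGS[tag], "")
        path = re.split(r"[?#]", url, maxsplit=1)[0].lower()
        if not (path.endswith(".pdf") or a.get("type", "").lower() == "application/pdf"):
            return  # not a PDF load; a hidden non-PDF frame is out of scope here
        style = a.get("style", "").lower()
        reasons = {name for name, rx in CHECKS.items() if rx.search(style)}
        if "hidden" in a:  # HTML 'hidden' attribute
            reasons.add("hidden")
        if {a.get("width"), a.get("height")} & {"0", "1"}:
            reasons.add("zero-size")
        if reasons:
            self.findings.append((tag, url, sorted(reasons)))

def find_hidden_pdfs(html):
    finder = HiddenPdfFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one visible PDF, three concealed ones, one unrelated hidden frame.
SAMPLE = """
<iframe src="/docs/report.pdf" width="800" height="600"></iframe>
<iframe src="https://cdn.example.test/a.pdf?x=1" style="position:absolute; left:-9999px; top:0"></iframe>
<embed src="https://cdn.example.test/b" type="application/pdf" width="0" height="0">
<object data="/files/c.pdf" style="visibility:hidden"></object>
<iframe src="/widgets/chat.html" style="display:none"></iframe>
"""
if __name__ == "__main__":
    print(*find_hidden_pdfs(SAMPLE), sep="\n")
```

The check reads inline attributes only, so elements hidden through an external stylesheet or inserted by script will not be seen; treat a hit as a lead to review, not a verdict.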