StarForce Reader does not contain a vulnerability that allows to steal user credentials

At the end of April, the Check Point research team found that opening a PDF file could cause NTLM hash of Windows to leak.

The exploitation of this vulnerability in PDF allows criminals to get a remote control over users’ computers. Read more in the article.

StarForce Technologies develops security tools for PDF copy protection. These tools prevent PDF copying, editing, printing and grabbing. To view a protected PDF file you need to use a special application – StarForce Reader.

A special research, performed by StarForce Technologies, has confirmed that PDF and SFPDF files opened with StarForce Reader cannot initiate the leakage of NTLM hashes, because this application does not support the Windows mechanism used in the exploitation of this vulnerability.

StarForce Technologies specialist comments:

“The vulnerability was found in the Windows SMB protocol that works with shared folders. Windows caches the user name, domain name and password hash, so that the system does not request it every time you access public folders. Now the question is how to get the user to access the server of the attacker using the SMB protocol? That's what helps make the PDF. In PDF format, you can specify an additional action (AA entry) for different events. One option is to "open a third-party file". If the action is specified for the event that always occurs when the document is opened (for example, the page open event), and the file addresses are specified in the format accepted in Windows for shared folders (\\ <server_address> \ <file_name>), when opening such a PDF the SMB protocol will automatically be accessed to the specified attacker's server. Thus, the hacker will receive a username along with the domain name and hash of the password, which can be picked up and accessed on the network and on the user's computer. In StarForce Reader, our PDF viewer, this Windows mechanism is disabled”.

To download StarForce Reader please click this link. To get a free trial for PDF copy protection please visit SFContent.com.