New possible PDF exploit discovered

Security researcher and PDF researcher Didier Stevens alerted the world to a new PDF hack he discovered this week while testing PDFs.

Stevens revealed the new potentially dangerous hack on his blog and noted:

‘This is a special PDF hack: I managed to
make a PoC PDF to execute an embedded executable without exploiting any vulnerability! I use a launch action triggered by the opening of my PoC PDF. With Adobe Reader, the user gets a warning asking for approval to launch the action, but I can (partially) control the message displayed by the dialog. Foxit Reader displays no warning at all, the action gets executed without user interaction.’

Didier also noted on his blog that while PDF viewers like Adobe Reader and Foxit Reader don’t allow embedded executables, he was able to launch a command and ultimately run an executable using a special technique and that did not require approval by the user.

Didier also provided a link in his blog post to a downloadable ZIP file for users to test their PDF readers. (See his full blog post for a link.)

Larry Seltzer posted a blog post on PCMag’s blog, about the discovery and their own testing of PDF readers.

As of this news deadline, Adobe has yet to make a statement about the discovery or given direction in regard to how to prevent this possible hack.

You May Also Like

About the Author: Nettie Hartsock

Leave a Reply