Investigating Risks And Exploits Associated With Adobe Reader PDFs

A security researcher has demonstrated a mechanism that exploits PDF files without taking advantage of any particular vulnerabilities. Didier Stevens' proof of concept exploit relies on running an executable embedded in a PDF file - something that ought to be blocked - by launching a command that ultimately runs an executable. In the case of Adobe Reader, such attempted launches generate a pop-up dialog box asking users if they want to proceed. However, this is not necessarily a major hurdle because Stevens was also able to manipulate the text displayed by the pop-up in a way that might easily fool most users.

"With Adobe Reader, the only thing preventing execution is a warning," Stevens explains. "Disabling JavaScript will not prevent this, and patching Adobe Reader isn

The link for this article located at The Register UK is no longer available.