Portable Document Format (PDF) files can be used to execute an embedded executable without exploiting any security vulnerability. As security researcher Didier Stevens warned, the proof-of-concept PDF files, which target computers running Adobe Acrobat Reader or Foxit Reader, run the embedded executable by launching a command that ultimately runs it.
The researcher said that Adobe's PDF Reader will block the file from opening automatically, but he warned that an attacker could use social engineering tricks to get users to allow the file to be opened. With Foxit Reader there is no warning.
This kind of attack does not use JavaScript code and does not exploit a vulnerability, so neither disabling JavaScript nor patching Adobe Reader will prevent it.
A few days later another researcher, Jeremy Conway, posted an attack showing that PDFs are "wormable". It is possible to launch an attack internally from one PDF onto another, already existing PDF, raising the possibility of a PDF worm.
Finally, Jeremy posted a further modified attack showing how a single malicious PDF could infect an unlimited number of documents.
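Because the technique needs neither JavaScript nor a software flaw, a defender has to look for the launch action itself. The following triage check is an added example, not part of the original post or the researchers' code; it assumes the "launching a command" mechanism is the PDF specification's Launch action (`/Launch`), and the function names and sample bytes are constructed for illustration.

```python
import re

# Name tokens worth flagging. /Launch is the action type that starts an
# external program; the others show how it can be triggered or carried.
SUSPECT_NAMES = (b"/Launch", b"/OpenAction", b"/AA", b"/EmbeddedFile", b"/JavaScript")

HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A PDF name is "/" followed by anything except whitespace and delimiters.
NAME_TOKEN = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")


def decode_name(token: bytes) -> bytes:
    """Undo #xx escapes so that /L#61unch compares equal to /Launch."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), token)


def scan_pdf(data: bytes) -> dict:
    """Count suspect name tokens in raw PDF bytes (exact name match only)."""
    counts = {name.decode(): 0 for name in SUSPECT_NAMES}
    for match in NAME_TOKEN.finditer(data):
        name = decode_name(match.group(0))
        if name in SUSPECT_NAMES:
            counts[name.decode()] += 1
    return counts


def has_auto_launch(data: bytes) -> bool:
    """True when a Launch action coexists with an automatic trigger."""
    c = scan_pdf(data)
    return c["/Launch"] > 0 and (c["/OpenAction"] > 0 or c["/AA"] > 0)


# Constructed, inert fragments (not complete PDF files).
SAMPLE_SUSPECT = (
    b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Action /S /L#61unch /F (constructed-placeholder) >>\nendobj\n"
)
SAMPLE_CLEAN = b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
        print(label, scan_pdf(blob), "auto-launch:", has_auto_launch(blob))
```

A raw byte scan does not see names stored inside compressed object streams, so a hit is a reason to quarantine and inspect the file, while a miss is not proof that it is clean.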
