Now Adobe PDF Executes Malicious Code Without Clicking
An unpatched critical vulnerability affecting the latest versions of Acrobat and Adobe Reader has become more dangerous. Didier Stevens, IT Security Consultant at Contraste Europe, has shown that the bug can be exploited without even opening a malformed PDF file, as reported by Softpedia on March 9, 2009.
The exploit methods shown by Stevens use the Windows Explorer shell extension that is installed with Adobe Reader. A shell extension is a piece of code that Explorer uses to retrieve metadata, in this case from a PDF file. It supplies additional data so that users can see details about a file at a glance in Windows Explorer.
The feature creates a conduit between Windows Explorer and Adobe Reader. This means that just moving the cursor over a booby-trapped file, or selecting it, can be enough for the malicious code to run on the system. The danger is similar if thumbnail view is selected.
In all these cases, simply reading a maliciously created document is enough to trigger code execution. This appears to be because Adobe's shell extension for Windows Explorer allows the harmful code to be triggered in these ways.
On March 11, 2009, Adobe released a 9.1 update for Macintosh and Windows users. The company says that the fix is currently available only for version 9, and that updates for versions 7 and 8 will be released by March 18. UNIX users will get their update by March 25. Security consultants cautioned that, in spite of all this, users should stay alert when they handle malicious files.
» SPAMfighter News - 16-03-2009