Now Adobe PDF Executes Malicious Code Without Clicking

An unpatched critical vulnerability affecting the latest versions of Adobe Reader and Acrobat has become more dangerous. Didier Stevens, IT Security Consultant at Contraste Europe, has shown that the bug can be exploited without even opening a malformed PDF file, as reported by Softpedia on March 9, 2009.

It has been more than fourteen days since members of the cybercrime-fighting outfit The Shadowserver Foundation cautioned about a zero-day vulnerability in Adobe Reader and Acrobat that was exploited through maliciously crafted PDF files. Matters got worse when researchers at Secunia, a vulnerability intelligence firm, declared that they had created a proof-of-concept exploit for it that did not depend on JavaScript.

Apart from this, the exploit methods shown by Stevens use the Windows Explorer shell extension that comes with Adobe Reader. Adobe Reader installs a shell extension, a piece of code that Explorer uses to retrieve metadata (in this case, from a PDF file). The shell extension supplies additional data so that users can see details about a file at a glance in Windows Explorer.

The feature creates a conduit between Windows Explorer and Adobe Reader. This means that just moving the cursor over a booby-trapped file, or selecting it, can be enough for the malicious code to be downloaded onto the system. The danger is similar if thumbnail view is selected.

In all these cases, simply reading a maliciously crafted document is enough to trigger code execution. This appears to be because Adobe's shell extension for Windows Explorer reads the file on Explorer's behalf, which allows the harmful code to be triggered in these ways.

On March 11, 2009, Adobe released a 9.1 update for Macintosh and Windows users. The company says the fix is available only for version 9, and that updated versions for 7 and 8 will be released by March 18. UNIX users will get their update by March 25. Security consultants cautioned that, in spite of all this, users should stay alert when they handle malicious files.


» SPAMfighter News - 16-03-2009
