Adobe Acrobat bug can lead to malware installs without even opening an infected file

Posted on March 7, 2009. Filed under: Adobe

By Stephen Schenck

If you’ve been living in fear of opening any suspicious PDF files since we let you know about a still-unpatched bug in Adobe Acrobat that could expose your PC to a malware infection, we’ve got some bad news for you: it turns out that, because of how Acrobat integrates with Windows, it’s still possible for malware authors to get into your system even if you never actually open an infected file.

The bug affects only Windows computers running Acrobat version 7 or later. Because the program doesn’t correctly read PDF files containing a certain type of compressed image, a specially crafted PDF can at once crash Acrobat and inject its own code into the system, beginning a malware installation. Even though this bug has been public knowledge for weeks, and exploits are already out taking advantage of it, Adobe has been delaying its release of a patch to fix it, which is scheduled to be available on the 11th.

While you may have thought to play it safe by not opening new PDFs, or by installing a program other than Acrobat to view them, that no longer looks to be a fix. As part of its installation, Acrobat adds extensions to Windows Explorer that let Explorer understand information embedded in PDFs. This way, you can make use of metadata like a document’s title or author when sorting files in Explorer.

A security researcher found out that the code that triggers this PDF bug can be placed inside that metadata. Just hovering your mouse cursor over the infected file, not even clicking on it, will cause Explorer to try to read the PDF, setting things off. This is dangerous because even if you installed a new PDF reader, you may still have these Explorer extensions installed, leaving your system vulnerable.

If you want to be safe for now, make sure you totally uninstall Acrobat, rather than just using another PDF program alongside it. Luckily there’s only a week left until the fix should be out, though it’s frustrating that it’s taking Adobe this long. If you’re curious, check out a video of the exploit being demonstrated after the break.
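
To confirm that an uninstall really removed the Explorer extensions described above, the following read-only PowerShell check (an added example, not from the original post) lists the shell-extension handlers registered for .pdf and the DLL each one loads. It assumes the handlers are registered under the .pdf extension key or its ProgID in HKEY_CLASSES_ROOT; the function name `Get-PdfShellHandler` is hypothetical.

```powershell
# Added example: enumerate Explorer shell-extension handlers tied to .pdf files.
# Read-only. Assumption: handlers live under HKCR\.pdf\ShellEx or under the
# ShellEx key of the ProgID that .pdf points to; other locations are not checked.
function Get-PdfShellHandler {
    $clsidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
    $extKey = 'Registry::HKEY_CLASSES_ROOT\.pdf'
    $roots  = @($extKey)

    # The default value of the extension key names the ProgID (the file class),
    # which can carry its own ShellEx handlers.
    $ext = Get-Item -LiteralPath $extKey -ErrorAction SilentlyContinue
    if ($ext) {
        $progId = $ext.GetValue('')
        if ($progId) { $roots += "Registry::HKEY_CLASSES_ROOT\$progId" }
    }

    foreach ($root in $roots) {
        $shellEx = "$root\ShellEx"
        if (-not (Test-Path -LiteralPath $shellEx)) { continue }

        Get-ChildItem -LiteralPath $shellEx -Recurse | ForEach-Object {
            $key = $_
            # A handler's CLSID is either the key's default value or the key name.
            $clsid = @($key.GetValue(''), $key.PSChildName) |
                Where-Object { $_ -match $clsidPattern } |
                Select-Object -First 1
            if (-not $clsid) { return }   # not a handler entry, skip it

            # Resolve the CLSID to the in-process DLL that Explorer would load.
            $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path -LiteralPath $server) {
                $dll = (Get-Item -LiteralPath $server).GetValue('')
            }

            [pscustomobject]@{ Key = $key.Name; Clsid = $clsid; Dll = $dll }
        }
    }
}

Get-PdfShellHandler | Format-Table -AutoSize
```

An empty result means no handler is registered under those two keys; any remaining row shows which DLL Explorer would still load when it inspects a PDF file.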
