
Acrobat bug can lead to malware installs without even opening an infected file

Because Adobe builds parts of Acrobat into Windows Explorer, you can trigger the bug unintentionally.


Computing | by Stephen Schenck | Thu Mar 5, 2009 5:06PM | 2 comments

If you've been living in fear of opening any suspicious PDF files since we let you know about a still-unpatched bug in Adobe Acrobat that could expose your PC to a malware infection, we've got some bad news for you: because of how Acrobat is integrated into Windows, malware authors can still get into your system even if you never actually open an infected file.

The bug affects only Windows computers running Acrobat version 7 or later. Because the program doesn't correctly read PDF files containing a certain type of compressed image, a specially-crafted PDF can at once crash Acrobat and inject its own code into the system, beginning a malware installation. Even though this bug has been public knowledge for weeks, and exploits taking advantage of it are already circulating, Adobe has been delaying the release of its patch, which is scheduled to be available on the 11th.

While you may have thought to play it safe by not opening new PDFs, or installing a program other than Acrobat to view them, that no longer looks to be a fix. As part of its installation, Acrobat adds extensions to Windows Explorer to let it understand information embedded in PDFs. This way, you can make use of metadata like a document's title or author when sorting files in Explorer.

A security researcher found out that the code that triggers this PDF bug can be placed inside that metadata. Just hovering your mouse cursor over the infected file, not even clicking on it, will cause Explorer to try to read the PDF, setting things off. This is dangerous because even if you installed a new PDF reader, you may still have these Explorer extensions installed, leaving your system vulnerable.

If you want to be safe for now, make sure you totally uninstall Acrobat, not just use another PDF program alongside it. Luckily there's only a week left until the fix should be out, though it's frustrating it's taking Adobe this long. If you're curious, check out a video of the exploit being demonstrated after the break.
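As an added example (not part of the original article and not an Adobe tool), the PowerShell below lists Explorer shell extensions that still load a DLL from an Adobe or Acrobat directory, which is the leftover component described above when another PDF reader is installed alongside Acrobat. The registry locations are standard Windows ones; the `Adobe|Acrobat` path pattern is an assumption of this example.

```powershell
# Added example: find Explorer shell extensions whose in-process DLL is
# still registered from an Adobe/Acrobat install directory.
# Assumption: matching the DLL path against 'Adobe|Acrobat' is a heuristic.
$pattern = 'Adobe|Acrobat'

# Native registry view plus the 32-bit view present on 64-bit Windows.
$views = @(
    'HKLM:\SOFTWARE',
    'HKLM:\SOFTWARE\WOW6432Node'
)

$findings = foreach ($root in $views) {
    $approved = Join-Path $root 'Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
    if (-not (Test-Path -LiteralPath $approved)) { continue }

    $key = Get-Item -LiteralPath $approved
    foreach ($clsid in $key.GetValueNames()) {
        # Value names in this key are CLSIDs; skip the default value and anything malformed.
        if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }

        $inproc = Join-Path $root "Classes\CLSID\$clsid\InprocServer32"
        if (-not (Test-Path -LiteralPath $inproc)) { continue }

        # The default value of InprocServer32 is the DLL that Explorer loads.
        $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        if ($dll -and $dll -match $pattern) {
            [pscustomobject]@{
                View        = $root
                Clsid       = $clsid
                Description = $key.GetValue($clsid)
                Dll         = $dll
                DllPresent  = Test-Path -LiteralPath $dll.Trim('"')
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No approved shell extensions load a DLL from an Adobe/Acrobat path.'
}
```

The script only inspects extensions listed under the `Approved` key, so an empty result is not proof that nothing remains; any row with `DllPresent` set to `True` means Explorer can still load that component.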


Comments (2)

Anonymous (1:30 PM on Fri Mar 6, 2009)

I'm wondering if this would also affect and be a risk to the word processor "Buzzword" and those that use this? Should the use of this also be avoided?

[http://www.adobe.com/acom/buzzword/]

Lucio Jose Pita Marques (8:01 AM on Thu Mar 12, 2009)

Good Morning,
I also be infected by an Adobe Reader 9.1
I don't access at "Gmail"...
Please can't anybody tell me what to do?
