
Acrobat bug can lead to malware installs without even opening an infected file


mouser:
If you've been living in fear of opening any suspicious PDF files since we let you know about a still-unpatched bug in Adobe Acrobat that could expose your PC to a malware infection, we've got some bad news for you: it turns out that, due to how the bug is integrated into the software, it's possible for malware authors to still get into your system, even if you never actually open an infected file.

The bug affects only Windows computers running Acrobat version 7 or later. Because the program doesn't correctly read PDF files containing a certain type of compressed image, a specially-crafted PDF can at once crash Acrobat and inject its own code into the system, beginning a malware installation. Even though this bug's been public knowledge for weeks, and exploits are already out taking advantage of it, Adobe has been delaying its release of a patch to fix it, scheduled to be available on the 11th.

--- End quote ---


http://www.obsessable.com/news/2009/03/05/acrobat-bug-can-lead-to-malware-installs-without-even-opening-an-infected-file/





from http://www.downloadsquad.com/2009/03/05/adobe-reader-bug-more-dangerous-than-originally-tought/

f0dder:
Oh wonderful, exploits for metadata parsing in the document handler? Greeeeat code, adobe.

Good thing I haven't had Adobe Reader installed for a long time :)

lanux128:
just when you thought it was safe to go back to Adobe Reader.. i wonder if Foxit is also affected by this bug. :-\

f0dder:
just when you thought it was safe to go back to Adobe Reader.. i wonder if Foxit is also affected by this bug. :-\
-lanux128 (March 06, 2009, 03:50 AM)
--- End quote ---
Why would you go back to adobe? :)

But no, Foxit shouldn't be affected by the bug - unless they've copied Adobe's document handler :) (but as the article says: if you have adobe reader installed on your system, it doesn't matter if you use another program to view PDF files.)

app103:
it turns out that, due to how the bug is integrated into the software, it's possible for malware authors to still get into your system, even if you never actually open an infected file.

The bug affects only Windows computers running Acrobat version 7 or later. Because the program doesn't correctly read PDF files containing a certain type of compressed image, a specially-crafted PDF can at once crash Acrobat and inject its own code into the system, beginning a malware installation.

--- End quote ---

i wonder if Foxit is also affected by this bug.
-lanux128 (March 06, 2009, 03:50 AM)
--- End quote ---

I believe this is the thumbnails that Adobe Reader displays in Explorer, which Foxit doesn't. So you could be safe from this, unless it also affects the other data displayed such as author & title.

Without Adobe Reader on your system (I uninstalled it a while back because I got totally fed up) Foxit doesn't display pretty little image thumbnails of PDF files. You get the default Foxit icon and nothing more.

With Adobe Reader on your system, even though Foxit is your default reader, you still get those pretty exploitable thumbnail images in PDF files showing in Explorer.

Something similar happened a while back with HTML thumbnails, and this is why you don't see them in Explorer any more. Microsoft removed the ability to render thumbnails of HTML pages located on your hard drive with one of the service packs in Win2k, and XP SP2. The only versions of Windows still able to render HTML thumbnails in Explorer are 2k & XP that haven't been updated, and Win9x.

Incidentally, there are other applications using Adobe's PDF technology, including their thumbnail rendering stuff...namely digital magazine & textbook readers that have licensed the technology from Adobe, like Zinio Reader (Adobe Reader on steroids, with special DRM stuff). So even if you uninstall Adobe Reader from your system, if you have Zinio installed for automatic delivery and ability to read your magazines & textbooks offline, it's quite possible that you could still be vulnerable. So if you get magazines from Zinio, it might be in your best interest to uninstall their reader and use their web reader to read your magazines online. (I am not about to install their huge bloated reader to test if it restores the pdf thumbnails in Explorer, or just their magazine thumbnails)

If you have textbooks from Zinio, I am not sure if they allow online viewing of those, so I don't know what to suggest for you to do.

I am starting to get suspicious of anything that can render thumbnails of images in Explorer, because I think the vulnerability has its roots in Explorer itself. I am wondering if I should turn off Explorer thumbnails in Paintshop Pro (for .psp & .tub files), before someone figures out how to exploit that too.
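
The posts above turn on which installed product Explorer loads to draw thumbnails and metadata for a file type, regardless of the default viewer. The following PowerShell inventory is an added example, not part of the thread; `Get-ShellHandler` and `Get-DefaultValue` are hypothetical helper names, and the script only reads the registry.

```powershell
# Added example (not from the thread). Lists the COM handlers Explorer loads
# for a file type, independent of which program opens it on double-click.
# The three IDs below are standard Windows shell interface IDs.
$kinds = @{
    '{BB2E617C-0920-11D1-9A0B-00C04FC2D6C1}' = 'Thumbnail (IExtractImage)'
    '{E357FCCD-A995-4576-B01F-234630154E96}' = 'Thumbnail (IThumbnailProvider)'
    '{8895B1C6-B41F-4C1C-A562-0D564250836F}' = 'Preview pane (IPreviewHandler)'
}

function Get-DefaultValue([string]$Path) {
    # Returns a key's unnamed (default) value, or $null if the key is missing.
    if (Test-Path -LiteralPath $Path) {
        (Get-Item -LiteralPath $Path).GetValue('')
    }
}

function Get-ShellHandler {   # hypothetical helper name
    param([string]$Extension = '.pdf')

    $found = @()
    # Handlers may be registered on the extension key or on its ProgID.
    $roots = @("Registry::HKEY_CLASSES_ROOT\$Extension")
    $progId = Get-DefaultValue $roots[0]
    if ($progId) { $roots += "Registry::HKEY_CLASSES_ROOT\$progId" }

    foreach ($root in $roots) {
        foreach ($iid in $kinds.Keys) {
            $clsid = Get-DefaultValue "$root\ShellEx\$iid"
            if ($clsid) { $found += ,@($kinds[$iid], $clsid) }
        }
    }
    # Property handler: supplies metadata such as author and title (Vista and later).
    $ph = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion' +
          "\PropertySystem\PropertyHandlers\$Extension"
    $clsid = Get-DefaultValue $ph
    if ($clsid) { $found += ,@('Property handler', $clsid) }

    foreach ($f in $found) {
        # Resolve the class ID to the DLL that Explorer loads in-process.
        $dll = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\CLSID\$($f[1])\InprocServer32"
        [pscustomobject]@{ Kind = $f[0]; Clsid = $f[1]; Module = $dll }
    }
}

Get-ShellHandler -Extension '.pdf' | Format-Table -AutoSize
```

A `Module` path that belongs to a product other than your default viewer means Explorer still parses files with that product's code when it lists a folder.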
