Security Flaw in Adobe Reader Allows Malicious PDF Files to Run Programs on Your Computer
9/24/2007
The security folks who call themselves “creative hackers” over at Gnucitizen have announced that they have discovered a security flaw in Adobe Reader which will allow someone to remotely run programs on your Windows PC.

Said chief creative hacker “pdp” (Petko D. Petkov), “I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.”

PDFs have become the mainstay of document transmission for many businesses, and so an exploit for this security hole has the potential to impact millions of businesses. While the flaw and its attendant exploit have been proven by the Gnucitizen folks with Adobe Reader 8.1 and Windows XP SP2, they say that it affects previous versions as well.

Gnucitizen has posted a video which demonstrates the flaw being exploited, although in this instance, for purposes of example only, the flaw is used to cause the Windows calculator program to be run when the PDF is opened. Another PDF is used to cause the Notepad program to run. Obviously, a criminal exploiting this flaw would be running a much more malicious program on your computer.

So what should you do when you get an unexpected PDF file? Well, until Adobe issues a patch, use another program to open your PDF files.


Since this is an “Adobe” issue; is it not possible that a hack could be created to attack any OS platform on which it lands?
Is there a connection between this and the “benign” PDF’s circulating around emails for the last quarter?
Back a few months ago, we were told that, since the contents were in PDF, all they were considered to be was spam. Was this an error? Or were people being conditioned to be less wary of PDF’s before the punch was scheduled to be rolled out?
Comment by Ted Bruner — 9/24/2007 @ 9:56 am
I was told that there was no risk to those who simply use the free reader. One must have the full Acrobat software installed. Which is true?
Comment by Tom Buneo — 9/24/2007 @ 10:39 am