Security Flaw in Adobe Reader Allows Malicious PDF Files to Run Programs on Your Computer

The Internet Patrol - Patrolling the Internet for You

The security folks who call themselves “creative hackers” over at Gnucitizen have announced that they have discovered a security flaw in Adobe Reader which will allow someone to remotely run programs on your Windows PC.

Said chief creative hacker “pdp” (‘Petko D. Petkov’), “I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.”


PDFs have become the mainstay of document transmission for many businesses, so an exploit for this security hole has the potential to impact millions of businesses. While the flaw and its attendant exploit have been proven by the Gnucitizen folks with Adobe Reader 8.1 and Windows XP SP2, they say that it affects previous versions as well.

Gnucitizen has posted a video which demonstrates the flaw being exploited, although in this instance – for purposes of example only – the flaw is used to cause the Windows calculator program to be run when the PDF is opened. Another PDF is used to cause the Notepad program to run. Obviously, a criminal exploiting this flaw would be running a much more malicious program on your computer.

Here’s the video:


So what should you do when you get an unexpected PDF file? Well, until Adobe issues a patch, use another program to open your PDF files.


2 thoughts on “Security Flaw in Adobe Reader Allows Malicious PDF Files to Run Programs on Your Computer”

  1. Since this is an “Adobe” issue; is it not possible that a hack could be created to attack any OS platform on which it lands?

    Is there a connection between this and the “benign” PDF’s circulating around emails for the last quarter?

    Back a few months ago, we were told that, since the contents were in PDF, all they were considered to be was spam. Was this an error? Or were people being conditioned to be less wary of PDF’s before the punch was scheduled to be rolled out?

  2. I was told that there was no risk to those who simply use the free reader. One must have the full Acrobat software installed. Which is true?
