Security Flaw in Adobe Reader Allows Malicious PDF Files to Run Programs on Your Computer

   9/24/2007 |  9/24/2007 |  2 Comments
Category: Security
The Internet Patrol default featured image
Share the knowledge

The security folks who call themselves “creative hackers” over at Gnucitizen have announced that they have discovered a security flaw in Adobe Reader which will allow someone to remotely run programs on your Windows PC.

Said chief creative hacker “pdp” (‘Petko D. Petkov’), “I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.”

PDFs have become the mainstay of document transmission for many businesses, and so a security hole exploit has the potential to impact millions of businesses. While the flaw and its attendant exploit have been proven by the Gnucitizen folks with Adobe Reader 8.1 and Windows XP SP2, they say that it affects previous versions as well.

Gnucitizen has posted a video which demonstrates the flaw being exploited, although in this instance – for purposes of example only – the flaw is used to cause the Windows calculator program to be run when the PDF is opened. Another PDF is used to cause the Notepad program to run. Obviously, a criminal exploiting this flaw would be running a much more malicious program on your computer.

Here’s the video:

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

So what should you do when you get an unexpected PDF file? Well, until Adobe issues a patch, use another program to open your PDF files.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 

More from the Internet Patrol:

Target Credit Card Breach: Data Stolen for All Sales Between 11/27 and 12/15
Colorado Second State to Enact New Consumer Data Protection Law in 90 Days
Gmail’s Spam Problem and What You Can Do About It
Bug in FaceTime Lets Callers Hear Your Audio Even if You Haven't Accepted the Call - Also How to Dis...
Your Roomba May be Mapping Your Home and Sharing Your Home Map
Don't Click On or Open Screenshot[.]photos Links!
Microsoft Admits Breach, Hackers Accessed Users' Outlook, Hotmail, and MSN Email for Months (Full Te...
If You Get a Notice from GoDaddy that They are Suspending an Email Address DON'T Click on It!

Share the knowledge

2 thoughts on “Security Flaw in Adobe Reader Allows Malicious PDF Files to Run Programs on Your Computer

  1. Since this is an “Adobe” issue; is it not possible that a hack could be created to attack any OS platform on which it lands?

    Is there a connection between this and the “benign” PDF’s circulating around emails for the last quarter?

    Back a few months ago, we were told that, since the contents were in PDF, all they were considered to be was spam. Was this an error? Or were people being conditoned to be less wary of PDF’s before the punch was scheduled to be rolled out?

    Reply

  2. I was told that there was no risk to those who simply use the free reader. One must have the full Acrobat software installed. Which is true?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.