Home A New Twist to the Adobe Vulnerability

A New Twist to the Adobe Vulnerability

If you think it is safe to download PDF documents and view them once Adobe finally releases its patch next week, think again. Didier Stevens, an IT security consultant last week demonstrated that simply viewing the folder containing compromised PDF documents within Microsoft’s Windows Explorer is enough to launch the exploit.


It appears that this is due to Adobe’s shell extension for Windows Explorer which allows the malicious code to be invoked in three ways; when hovering over a PDF document, single clicking on a PDF document, or viewing the thumbnail.

Adobe Acrobat Reader installs a shell extension, which is code that is executed by Explorer to retrieve metadata (from a PDF file in this instance). The Adobe shell extension adds this extra data so that users can see details about a file at a glance in Windows Explorer. Details such as Title, Author, Subject, Size and thumbnail image; details that typically occur in tooltips.

Stevens created a PDF which exploits the vulnerability not within the main document information, but rather, its metadata. Using this technique, he was able to crash Windows Explorer by doing the following:

  1. Selecting a vulnerable PDF document within the folder
  2. Viewing thumbnails of a folder containing a vulnerable PDF document.
  3. Hovering the mouse over a vulnerable PDF document

“Under the right circumstances, a Windows Explorer Shell Extension will read the PDF document to provide extra information, and in doing so, it will execute the buggy code and trigger the vulnerability. Just like it would when you would explicitly open the document,” Stevens explained.

Stevens proof of concept caused Explorer to crash, however, someone with dubious intentions can exploit the vulnerability to potentially do anything they like on your system.

Adobe acknowledged this vulnerability in all versions of Adobe Reader on February 19, 2009 and categorized it as a critical issue. An update is expected next week for Reader 9 and Acrobat 9.

Unfortunately, Adobe’s advice to disable JavaScript is useless when it comes to this new twist and therefore we recommend you take John Paczkowski’s advice from a few weeks ago: AdobeAcrobatUninstall.exe

Note: Stevens has produced a short video showing how these vulnerabilities can be triggered; we’ve embedded it below.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.