Languagesx
English Deutsch 日本 한국어
Subscribe
Home A New Twist to the Adobe Vulnerability

A New Twist to the Adobe Vulnerability

If you think it is safe to download PDF documents and view them once Adobe finally releases its patch next week, think again. Didier Stevens, an IT security consultant last week demonstrated that simply viewing the folder containing compromised PDF documents within Microsoft’s Windows Explorer is enough to launch the exploit.


It appears that this is due to Adobe’s shell extension for Windows Explorer which allows the malicious code to be invoked in three ways; when hovering over a PDF document, single clicking on a PDF document, or viewing the thumbnail.

Adobe Acrobat Reader installs a shell extension, which is code that is executed by Explorer to retrieve metadata (from a PDF file in this instance). The Adobe shell extension adds this extra data so that users can see details about a file at a glance in Windows Explorer. Details such as Title, Author, Subject, Size and thumbnail image; details that typically occur in tooltips.

Stevens created a PDF which exploits the vulnerability not within the main document information, but rather, its metadata. Using this technique, he was able to crash Windows Explorer by doing the following:

  1. Selecting a vulnerable PDF document within the folder
  2. Viewing thumbnails of a folder containing a vulnerable PDF document.
  3. Hovering the mouse over a vulnerable PDF document

“Under the right circumstances, a Windows Explorer Shell Extension will read the PDF document to provide extra information, and in doing so, it will execute the buggy code and trigger the vulnerability. Just like it would when you would explicitly open the document,” Stevens explained.

Stevens proof of concept caused Explorer to crash, however, someone with dubious intentions can exploit the vulnerability to potentially do anything they like on your system.

Adobe acknowledged this vulnerability in all versions of Adobe Reader on February 19, 2009 and categorized it as a critical issue. An update is expected next week for Reader 9 and Acrobat 9.

Unfortunately, Adobe’s advice to disable JavaScript is useless when it comes to this new twist and therefore we recommend you take John Paczkowski’s advice from a few weeks ago: AdobeAcrobatUninstall.exe

Note: Stevens has produced a short video showing how these vulnerabilities can be triggered; we’ve embedded it below.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the gambling and blockchain industries for major developments, new product and brand launches, game releases and other newsworthy events. Editors assign relevant stories to in-house staff writers with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

tags

Related News

Incognito on Google Chrome
Google might be making it easier to go Incognito in Chrome
Rachael Davies
YouTube home page on a laptop with videos visible
YouTube videos no longer playing for adblocker users as platform crackdowns
Sophie Atkinson
Suspect arrested in $100M Incognito Market dark web drugs operation. The image depicts a scene of a dark web marketplace. The setting appears to be a dimly lit, underground room with neon lights. The sign above the entrance reads "DARK WEB MARKETPLACE" in bright red neon letters. Inside, several individuals are seated at tables, each interacting with holographic computer screens displaying various illegal goods and activities, such as a marijuana leaf and cryptocurrency symbols. The individuals are dressed in dark, hooded clothing, with some wearing masks and goggles to conceal their identities. The atmosphere is secretive and tense, highlighting the illicit nature of the transactions taking place.
Suspect arrested in $100M Incognito Market dark web drugs operation
Suswati Basu
Microsoft pending an update
How to uninstall Microsoft Edge
Rachael Davies
A stunning 3D render of a detailed map of Europe, characterized by intricate lines of connectivity crisscrossing the entire continent. The map is rendered in a muted color palette, with distinct shades of green, brown, and gray for landmasses, and a vibrant blue for bodies of water. The connectivity lines, shimmering with a subtle glow, highlight the interconnectedness of cities, countries, and regions, symbolizing the flow of people, ideas, and commerce.,
Small browser companies like DuckDuckGo and Ecosia see user surge in Europe
Sophie Atkinson

Most Popular Tech Stories

Latest News

Official Rangers FC image of the team line up v Athletic Club in the Europa League quarter-final, second leg /
Betting

Rangers FC showcases TeamTalk support initiative, funded by FDJ United
Graeme Hanna4 hours

Rangers Football Club showcased its TeamTalk initiative ahead of the crucial Europa League quarter-final clash against Athletic Club in Bilbao, Spain. The mental health programme is funded by Rangers' primary...

Popular TopicsArrow right.svg

Betting
Betting
Betting
Casino
Casino
Casino
Payments
Payments
Payments
Slots
Slots
Slots
Poker
Poker
Poker
Software
Software
Software

Get the biggest iGaming headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Gambling News

    Explore the latest in online gambling with our curated updates. We cut through the noise to deliver concise, relevant insights, keeping you informed about the ever-changing world of iGaming and its most important trends.

    In-Depth Strategy Guides

    Elevate your game with tailored strategies for sports betting, table games, slots, and poker. Learn how to maximize bonuses, refine your tactics, and boost your chances to beat the house.

    Unbiased Expert Reviews

    Honest and transparent reviews of sportsbooks, casinos and poker rooms crafted through industry expertise and in-depth analysis. Delve into intricacies, get the best bonus deals, and stay ahead with our trustworthy guides.