The Automatic Opening of PDF Files

By September 29, 2010

Adobe Reader and Acrobat have very tight integration with the browser. In many cases, the integration is so tight that a website can automatically open a PDF in your browser without your explicit permission. Via this method, attackers can silently deliver Adobe Reader and Acrobat exploits which in turn infect your computer with malware. All without you clicking a thing.

Fortunately, with a simple tweak you can force Adobe Reader / Acrobat to behave and make your browser prompt you for permission before opening PDF files. Unfortunately, there appear to be other ways to forcibly open a malicious PDF without your permission. In his Free Malicious PDF Analysis E-book, security researcher Didier Stevens shares two additional ways that Adobe Reader and Acrobat automatically invoke PDF files:

"The first thing that can cause involuntary infection is a Windows Shell Explorer Extension installed by Adobe. This Shell Extension is a COM Object that provides Windows Explorer the capability to read a PDF document and use it, for example, to render a preview thumbnail. This rendering can cause the exploit to trigger inside the Windows Explorer process.

The second thing that can bite you is the Windows Indexing Service. Adobe Reader comes with an iFilter, this is a component that gives the Windows Indexing Service the capability to index PDF documents. It is possible to design malicious PDF files so their payload executes when they are indexed. And there is an extra risk if you run with the Windows Indexing Service: it runs under the SYSTEM account! To prevent this, unregister this iFilter (AcroRDIF.dll)."

There are free alternative PDF readers that carry far fewer risks. If you don't want to switch, there are additional security tweaks that will make Adobe Reader and Acrobat safer to use.
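To see which of the components Stevens describes are actually registered on a machine, before and after any tweak, the COM registrations for `.pdf` can be read from the registry. The PowerShell below is an added example, not code from this article or from Stevens' e-book; it is read-only, it assumes the standard Windows IFilter and shell-handler registration layout under HKEY_CLASSES_ROOT, and the function names are hypothetical.

```powershell
# Added example: read-only audit of the COM handlers registered for .pdf.
# The interface IDs are the standard Windows ones, not values taken from the article.
$IID_IFilter   = '{89BCB740-6119-101A-BCB7-00DD010655AF}'
$ShellHandlers = [ordered]@{
    'Thumbnail (IThumbnailProvider)' = '{E357FCCD-A995-4576-B01F-234630154E96}'
    'Thumbnail (IExtractImage)'      = '{BB2E617C-0920-11D1-9A0B-00C04FC2D6C1}'
    'Preview (IPreviewHandler)'      = '{8895B1C6-B41F-4C1C-A562-0D564250836F}'
}
$Root = 'Registry::HKEY_CLASSES_ROOT'

function Get-DefaultValue([string]$Path) {
    # (Default) value of a registry key, or $null when the key is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

function Get-ComServer([string]$Clsid) {
    # DLL that Windows loads in-process for this CLSID.
    if ($Clsid) { Get-DefaultValue "$Root\CLSID\$Clsid\InprocServer32" }
}

function Get-PdfHandlerAudit {
    $results = @()

    # iFilter chain: .pdf -> PersistentHandler -> PersistentAddinsRegistered\IID_IFilter -> CLSID
    $handler = Get-DefaultValue "$Root\.pdf\PersistentHandler"
    $filter  = if ($handler) {
        Get-DefaultValue "$Root\CLSID\$handler\PersistentAddinsRegistered\$IID_IFilter"
    }
    $results += [pscustomobject]@{
        Component = 'iFilter (indexing)'; Clsid = $filter; Server = Get-ComServer $filter
    }

    # Shell extensions may hang off the extension key or off its ProgID.
    $bases = @('.pdf', (Get-DefaultValue "$Root\.pdf")) | Where-Object { $_ }
    foreach ($name in $ShellHandlers.Keys) {
        foreach ($base in $bases) {
            $clsid = Get-DefaultValue "$Root\$base\ShellEx\$($ShellHandlers[$name])"
            if ($clsid) {
                $results += [pscustomobject]@{
                    Component = $name; Clsid = $clsid; Server = Get-ComServer $clsid
                }
            }
        }
    }
    $results
}

Get-PdfHandlerAudit | Format-Table -AutoSize
```

An empty `Server` column for the iFilter row means no PDF iFilter is registered in the registry view being read; on 64-bit Windows, run the check from both 32-bit and 64-bit PowerShell, since each sees its own `CLSID` registrations.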

©2014 About.com. All rights reserved.