New possible PDF exploit discovered

April 01, 2010


Security researcher and PDF researcher Didier Stevens alerted the world to a new PDF hack he discovered this week while testing PDFs.

Stevens revealed the new potentially dangerous hack on his blog and noted:

"This is a special PDF hack: I managed to make a PoC PDF to execute an embedded executable without exploiting any vulnerability! I use a launch action triggered by the opening of my PoC PDF. With Adobe Reader, the user gets a warning asking for approval to launch the action, but I can (partially) control the message displayed by the dialog. Foxit Reader displays no warning at all, the action gets executed without user interaction."

Didier also noted on his blog that while PDF viewers like Adobe Reader and Foxit Reader don't allow embedded executables, he was able to launch a command and ultimately run an executable using a special technique and that did not require approval by the user.

Didier also provided a link in his blog post to a downloadable ZIP file for users to test their PDF readers. (See his full blog post for a link.)

Larry Seltzer posted a blog post on PCMag's blog, about the discovery and their own testing of PDF readers.

As of this news deadline, Adobe has yet to make a statement about the discovery or given direction in regard to how to prevent this possible hack.

PDF In-Depth Free Product Trials Ubiquitous PDF

Debenu Quick PDF Library

Get products to market faster with this amazing PDF developer SDK. Over 900 functions and an equally...

Download free demo

Five visions of a PDF Day

In the world of PDFs or as we like to say Planet (of) PDF, a year isn't a real PDF year without an intense few days of industry knowledge sharing.

May 15, 2018
Platinum Sponsor

Search Planet PDF
more searching options...
Planet PDF Newsletter
Most Popular Articles
Featured Product

Debenu PDF Aerialist

The ultimate plug-in for Adobe Acrobat. Advanced splitting, merging, stamping, bookmarking, and link control. Take Acrobat to the next level.


Adding a PDF Stamp Comment

OK, so you want to stamp your document. Maybe you need to give reviewers some advice about the document's status or sensitivity. This tip from author Ted Padova demonstrates how to add stamps with the Stamp Tool along with related comments.