Malicious PDF file could crash Windows systems
Security researcher Didier Stevens has found a way to run arbitrary program code on computers running the Windows operating system by embedding it in a malicious PDF file.
What makes this discovery unusual is that it doesn't exploit any software vulnerability. The code runs when the file is viewed in two popular PDF reader applications, "Adobe Acrobat Reader" and "Foxit Reader". While the applications don't allow embedded executables to run directly, Stevens found a way to run a file via a different launch command. Upon opening the rigged document, the "Adobe Reader" application displays a warning message saying that launching code could harm the computer. Stevens also found a way to change part of the message to persuade the user to allow the execution. In his example, he launches a calculator program, but that could be replaced with malicious software. Foxit's document reader does not display a warning, so an executable could be launched merely by opening the manipulated PDF.
The researcher did not publish a complete description of the arbitrary code execution, only the first step. He also published a malicious PDF file that only launches the program cmd.exe. Readers who want more information should visit the NetworkWorld website.
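For defenders, a triage check for the launch action described above, added here as an example and not code from Stevens or the article. It assumes the PDF specification's /Launch action name and /OpenAction key, neither of which the article names, and runs over constructed sample fragments; it does not look inside compressed streams.

```python
import re

# PDF names may hex-escape any character as #xx, so /Launch can also be
# written /L#61unch. Decode names before comparing them.
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name token: '/' followed by characters that are not whitespace or delimiters.
NAME_TOKEN = re.compile(rb"/([^\s/<>\[\]()%{}]+)")

# Names of interest (assumed from the PDF specification, not from the article).
WATCHED = (b"Launch", b"OpenAction")


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes in a PDF name token."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf_bytes(data: bytes) -> dict:
    """Count watched names in raw PDF bytes and record hex-escaped spellings.

    Limitation: objects stored inside compressed streams are not inspected,
    so a clean result is not proof that the file has no launch action.
    """
    counts = {name.decode(): 0 for name in WATCHED}
    obfuscated = []
    for match in NAME_TOKEN.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in WATCHED:
            counts[name.decode()] += 1
            if raw != name:  # the name was hidden behind #xx escapes
                obfuscated.append(raw.decode("latin-1"))
    return {"counts": counts, "obfuscated": obfuscated,
            "launch": counts["Launch"] > 0}


# Constructed fragments (not complete PDF files, not the researcher's sample).
SAMPLE_PLAIN = (b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                b"2 0 obj\n<< /Type /Action /S /Launch "
                b"/Win << /F (example.exe) >> >>\nendobj\n")
SAMPLE_OBFUSCATED = SAMPLE_PLAIN.replace(b"/Launch", b"/L#61unch")
SAMPLE_BENIGN = b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN),
                        ("obfuscated", SAMPLE_OBFUSCATED),
                        ("benign", SAMPLE_BENIGN)):
        print(label, scan_pdf_bytes(blob))
```

A hit on "launch" is a reason to quarantine the file for review; a hex-escaped spelling of the name is a stronger signal, since ordinary PDF producers have no reason to write it that way.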