
New variant of PDF attack requires no user action

Researcher Didier Stevens has discovered that merely storing a malicious PDF file on disk can trigger an attack targeting a new flaw in Adobe's popular PDF file format. The new vector is possible on a machine that has a vulnerable version of Adobe Reader or Acrobat and is running Windows Indexing Services, a feature that ships with Windows to index the files on the system.

When Windows Indexing Services picks up an infected PDF file and a vulnerable version of Adobe Reader or Acrobat is running, the malware will be executed. This leads to what is known in security circles as a "privilege escalation."

Previously, Stevens had released proof-of-concept code that demonstrates how opening a malicious PDF file from Windows Explorer could be used to exploit a PC. However, the latest discovery is even more dangerous, considering that it does not require any user interaction at all. The problem originates from a buffer overflow that Adobe is already aware of.

This particular bug can prove troublesome if not quickly addressed, due to the sheer ubiquity of the PDF file format. Users and administrators alike should upgrade to the fixed version of Adobe Reader and Acrobat 9 released earlier this week as soon as possible.

For more on this story:
- check out this article at DarkReading
