Malicious PDF file doesn't need a software flaw

Started by Noreen, Apr 02, 2010, 17:30:50


Noreen

Quote: A security researcher has found a way to run arbitrary code on Windows computers by embedding it in a malicious PDF file.

The code will run when viewed in two popular PDF reader applications, but the author of the hack says it doesn't exploit a software vulnerability.

PDF readers from Adobe Systems and Foxit don't allow embedded executables to run directly, wrote Didier Stevens on his security blog. But Stevens found a way to get an embedded executable to run via a different launch command................

http://www.pcadvisor.co.uk/news/index.cfm?newsid=3219164

Glenn

Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Noreen

There is a Foxit update today but I don't know whether it addresses the problem.
Quote: Security Update - Foxit (PDF) Reader v3.2.1

What's New in Foxit Reader 3.2?

* Undo and Redo
Allows users to easily correct mistakes by cancelling their previous actions and quickly adding back in changes made with the Undo option, this makes it convenient for users to revoke their performances and enables better editing requirements.
* Expand Current Bookmark
Click the Expand Current Bookmark icon to expand nested bookmarks and highlight the bookmark of the current page.
* Grayscale Printing
Reader 3.2 supports to print in grayscale, using many shades of gray to represent subtle variations in color and light.
* Speed up printing
Foxit Reader has optimized the printing feature, improving the speed of printing dramatically.
* Logical Page Number Support
Display the physical and logical page number on the status bar at the bottom of the working area, enabling you to go right to the desired page fast and accurately.
* Hundreds bugs fixed

http://www.foxitsoftware.com/downloads/reader/reader3.2.html
edit: A post on the forum where I saw this says that this Foxit update does address this issue.

DarkStar

A bit more info in this post at Wilders.

http://www.wilderssecurity.com/showthread.php?t=268952

Foxit have already pushed out an update fixing this  :thumb:
These problems with PDF in whatever viewer you use are why I always download them to the desktop and open them in Sandboxie. Any problem is contained and gone when I close the Sandbox.
Ian

zappaDPJ

As I've switched to Firefox I thought I'd try Foxit for reading PDF files. It annoyed me right out of the box by giving the option to install a search bar in Firefox and not making it at all obvious how to proceed without it. It annoyed me further by serving me with advertising clearly pulled off the Internet. I'll probably switch back to the Adobe reader as they all seem open to vulnerabilities but at least I won't get hit by advertising spam.
zap

DarkStar

Quote from: zappaDPJ on Apr 02, 2010, 20:46:04
As I've switched to Firefox I thought I'd try Foxit for reading PDF files. It annoyed me right out of the box by giving the option to install a search bar in Firefox and not making it at all obvious how to proceed without it. It annoyed me further by serving me with advertising clearly pulled off the Internet. I'll probably switch back to the Adobe reader as they all seem open to vulnerabilities but at least I won't get hit by advertising spam.
That's strange, I have been using Foxit for two years or so and have never seen anything asking to install a toolbar or any advertising at all, and I update it as soon as every new update comes out. Perhaps it's only if you install it with a more recent installer package that that happens. Because of the enormous financial returns that the software developer gets every time a toolbar gets installed and used, this will become an ever more prevalent practice.
Ian

Rik

It's well worth it, Zap, I rate the app very highly.
Rik

Den

I tried Foxit but it would not open half the documents I needed to open each day (reports etc.), plus it would not let me choose if I wanted to go back to Adobe reader. I also agree with Zap, I did not want a toolbar on IE8 for it so it came off the computer. :eyebrow:
Mr Music Man.

Technical Ben

Quote from: DarkStar on Apr 02, 2010, 19:18:09
A bit more info in this post at Wilders.

http://www.wilderssecurity.com/showthread.php?t=268952

Foxit have already pushed out an update fixing this  :thumb:
These problems with PDF in whatever viewer you use are why I always download them to the desktop and open them in Sandboxie. Any problem is contained and gone when I close the Sandbox.
No Sandboxie in Windows 7. :( It should be able to do it natively (as in, in Windows) without Sandboxie, but I doubt MS have programmed it correctly.
I used to have a signature, then it all changed to chip and pin.

Inkblot

I'm guessing that the scammers have already latched onto this flaw, I received this email with a PDF attached to it today:

Quote: Ladies and Gentlemen.

In order to have your company inserted in the registry of World Businesses for 2010/2011 edition, please print, complete and submit the enclosed form (PDF file) to the following address:

WORLD COMPANY REGISTER
P.O. BOX 3079
3502 GB, UTRECHT
THE NETHERLANDS

Notice the way they are keen for me to see it's a .PDF rather than the more usual .exe but that I'm going to need to post it back to them - no email address was provided and the email address it came from (donotreply @ wbgregsite.com) is fairly obviously not going to be taking replies!


Glenn

Quote: Nuance PDF Reader and PDF-XChange Viewer give an error message and prevent it. SumatraPDF prevents it without error message.
:phew:
Glenn

Noreen

What do you think about the Google PDF viewer?

Rik

Given it's from Google, I'd be wary of it, tbh.
Rik