Wednesday, March 11, 2009

PDF Exploit PoC without any user interaction

Last week, Belgian security researcher Didier Stevens demonstrated that a PDF exploit could be triggered with the user only selecting the file (the answer lies in Windows Explorer Shell Extensions).

Now he has taken it a level further: you can be vulnerable just by having an infected file on your system. The problem lies with the Windows Indexing Service.

Here is a list of possible countermeasures:
  • Disable JavaScript in Adobe Acrobat Reader.
  • Use an up-to-date anti-virus.
  • Use host-based IDS/IPS signatures.
  • Disable automatic rendering of PDFs in the browser.
  • Use an alternative PDF reader like Foxit Reader or Sumatra PDF.
  • Disable or uninstall the Windows Indexing Service.
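
A read-only audit of two of the countermeasures above (Reader JavaScript and the Indexing Service), added here as an example and not taken from the original post or from Didier Stevens. It assumes Adobe Reader keeps the preference as `bEnableJS` under `HKCU\Software\Adobe\Acrobat Reader\<version>\JSPrefs`, that the Indexing Service is registered as `cisvc`, and that it runs in Windows PowerShell (for `Get-WmiObject`).

```powershell
# Added example: read-only audit of two countermeasures from the list above.
# Assumed names (not from the post): JSPrefs\bEnableJS and the service name cisvc.

function Get-ReaderJavaScriptState {
    # The preference is per user (HKCU), so run this in each user's session.
    $base = 'HKCU:\Software\Adobe\Acrobat Reader'
    if (-not (Test-Path $base)) { return }
    foreach ($ver in Get-ChildItem $base) {
        $prefs = Join-Path $ver.PSPath 'JSPrefs'
        $value = $null
        if (Test-Path $prefs) {
            $item = Get-ItemProperty -Path $prefs -Name bEnableJS -ErrorAction SilentlyContinue
            if ($item) { $value = $item.bEnableJS }
        }
        # Assumption: a missing value means the default applies (JavaScript enabled).
        New-Object PSObject -Property @{
            Check  = "Adobe Reader $($ver.PSChildName) JavaScript"
            State  = $(if ($value -eq 0) { 'disabled' } else { 'enabled' })
            Passed = ($value -eq 0)
        }
    }
}

function Get-IndexingServiceState {
    $svc = Get-WmiObject Win32_Service -Filter "Name='cisvc'"
    if (-not $svc) {
        # Service not registered at all: nothing indexes files in the background.
        $state = 'not installed'; $ok = $true
    } else {
        $state = "$($svc.State), start mode $($svc.StartMode)"
        # Stopped alone is not enough; it must also be unable to start again.
        $ok = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
    }
    New-Object PSObject -Property @{
        Check = 'Indexing Service (cisvc)'; State = $state; Passed = $ok
    }
}

@(Get-ReaderJavaScriptState) + @(Get-IndexingServiceState) |
    Select-Object Check, State, Passed | Format-Table -AutoSize
```

Any row with `Passed` set to `False` marks a countermeasure from the list that is not yet in place on that machine or user profile.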
