PDF Exploit PoC without any user interaction

Last week, Belgian security researcher Didier Stevens demonstrated that a PDF exploitation could be possible with the user only selecting the file (the answer lies in Windows Explorer Shell Extensions).

Now he took it even a level further: you can be vulnerable by just having an infected file. The problem lies with the Windows Indexing Service.

Here is still a list of possible countermeasures:

• Disable JavaScript in Adobe Acrobat Reader.
• An up-to-date anti-virus.
• Host-based IDS/IPS signatures.
• Disable automatic rendering of PDFs in the browser
• Use an alternative PDF reader like Foxit Reader or Sumatra PDF.
• Disable or deinstall windows indexing service.

Related posts:

• Quickpost: /JBIG2Decode “Look Mommy, No Hands!”
  
• Acrobat reader exploit works without opening pdf