Adobe Acknowledges Flaw, Proposes Interim Solution

Adobe has acknowledged the flaw that can cause large problems with malicious PDF files. The flaw, diagnosed by Petko Petkov several weeks ago, has now been admitted, and Adobe has further shed some light on exactly what is causing the problem.

The malicious PDF can throw a mailto: command at the operating system, and thereby cause the default e-mail program to respond. This can lead to the exploitation of the entire system.

Adobe has posted a temporary fix, involving an edit of the registry. Why they did this is anybody’s guess. Would it not have made more sense to provide a .reg file, and tell the user, after confirmation through a hash, that they should simply merge the file? This is certainly easier for the oblivious, average user than asking them to use the registry editor.

On the other hand, I believe I have an easier solution. [Attention: This is a suggestion. I am merely saying it should work - if we have been given the proper information as to how the exploit takes place. Do not blame me if it does not work. Remember, for now, the only certain solution is DO NOT OPEN PDFs!]

The solution is this. If you use a firewall that has a task tray icon, and allows you to completely disable internet access (I use Sygate, it does… so does Comodo, sometimes without user input!), you can use that to disable access, read your PDF, and then, after closing the PDF, reacquire internet connectivity. If you don’t have one of these firewalls, you can also close off access through the control panel, through the network applet, or, as a brute force method, pull the cable out of your machine, while reading PDFs. An additional benefit should be that if you do have a bad PDF, the OS should throw an error message at you when you read the affected file. Reporting this could help track down those who would try to ruin our otherwise nice day.

All of these will keep you from having to edit the registry, and provide a way to use those PDF files that seem to be everywhere, and are used for everything these days.

[tags] Adobe, Adobe Reader, PDF, exploit, Petkov, registry edits, .reg files, merge entries [/tags]

General - Oct 9, 2008

Things That Make You Go Hmm..
