Adobe Discusses PDF Attack as Foxit Adds Warning

Foxit Software says it plans to add a warning to protect users from a new attack vector involving PDF files that can affect users without exploiting a software vulnerability. Adobe, which already has a warning built in, says the issue is being discussed.

Foxit Software plans to follow Adobe Systems' lead and add a dialog box giving users a heads-up about a new attack tactic involving malicious PDF files.

The security issue was uncovered by Didier Stevens, an IT security consultant with Contraste Europe, who discovered a way to get PDF viewers such as Adobe Reader and Foxit Reader to execute embedded executables using a launch action triggered when the PDF file is opened.

In Adobe Reader, the situation is mitigated by a warning that pops up and forces the user to click open before the executable is run. However, Foxit currently allows the embedded executable to run without either a warning or user interaction.

"After receiving word of a recent security concern, the Foxit development team immediately looked into the issue, confirmed the risk and resolved the situation quickly," the company said in a statement. "Foxit expects to release a new version of Foxit Reader with this fix on April 2, 2010.

"To address the specific problems outlined, Foxit has added a warning dialog box that will pop up when a PDF file is opened with Foxit Reader, asking the user to agree to execute or not," the company continued. "This solution adds a layer of safety yet maintains Foxit Reader's compliance with current PDF standards."

Adobe has said its warning box offers users sufficient protection, though Stevens has said he found a way to partially alter the warning in the dialog box, as shown in pictures on his blog. Ideally, Stevens told eWEEK March 31, the launch action feature should be disabled.

An Adobe spokesperson said the company is discussing the situation, but did not indicate if any further action would be taken.
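
For defenders who want to flag PDFs that carry the launch action described above before they reach a reader, the following triage script is an added example, not code from Stevens, Adobe or Foxit. It assumes the PDF specification's name keys `/Launch`, `/OpenAction` and `/AA` and its `#xx` name escapes; the sample byte strings are constructed fragments, and objects stored inside compressed streams are not decoded.

```python
import re

# A PDF name starts with "/" and runs until whitespace or a delimiter.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r /()<>\[\]{}%]+)")
# Names may hide characters as #xx hex escapes, e.g. /L#61unch == /Launch.
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def pdf_names(data: bytes) -> list:
    """Return every name token in the raw bytes with #xx escapes decoded."""
    names = []
    for match in NAME_RE.finditer(data):
        raw = HEX_RE.sub(lambda h: bytes([int(h.group(1), 16)]), match.group(1))
        names.append(raw.decode("latin-1"))
    return names


def triage(data: bytes) -> dict:
    """Count launch actions and automatic triggers, then pick a verdict."""
    names = pdf_names(data)
    launch = names.count("Launch")
    # /OpenAction fires when the document opens; /AA holds additional triggers.
    auto = names.count("OpenAction") + names.count("AA")
    if launch and auto:
        verdict = "block"    # launch action that can fire on open
    elif launch:
        verdict = "review"   # launch action present, trigger unclear
    else:
        verdict = "pass"
    return {"launch_actions": launch, "auto_triggers": auto, "verdict": verdict}


# Constructed sample fragments (not complete PDF files, placeholder targets only).
SAMPLE_AUTO = (b"1 0 obj << /Type /Catalog /OpenAction "
               b"<< /S /L#61unch /F (constructed-placeholder) >> >> endobj")
SAMPLE_LINK = b"4 0 obj << /Type /Action /S /Launch /F (constructed-placeholder) >> endobj"
SAMPLE_CLEAN = b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj"

if __name__ == "__main__":
    for label, sample in (("auto", SAMPLE_AUTO), ("link", SAMPLE_LINK),
                          ("clean", SAMPLE_CLEAN)):
        print(label, triage(sample))
```

Because the match is on raw bytes, the same names appearing inside a text string will also be counted, so treat a "review" or "block" result as a reason to quarantine and inspect the file rather than as proof of malice.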