Foxit

A blog contributor who goes by the name of “jeremy” has continued to research the possibilities inherent in the recently discovered .pdf-file weakness that could enable the execution of code. Jeremy posted earlier this week that he had created a proof of concept .pdf file that could spread to other .pdf files on a system or network (which makes it a worm). “Within the proof of concept I infected a single benign PDF file from another PDF file, but this proof of concept could easily be modified to recursively traverse a users computer directories to find and infect all PDF files on that users computer and/or accessible to that user at the time of execution with any payload of my choosing.” He wrote on the SudoSecure.net site. ...

Didier Stevens, security professional and blogger, has found a “feature” in the PDF file format that makes it possible to package an executable in a PDF file which will run in Foxit PDF reader or run in Adobe Reader with a bit of social engineering. “With Adobe Reader, the only thing preventing execution is a warning. Disabling JavaScript will not prevent this (I don’t use JavaScript in my PoC PDF), and patching Adobe Reader isn’t possible (I’m not exploiting a vulnerability, just being creative with the PDF language specs).” ...