New Method Could Hide Malware In PDFs, No Further Exploits Needed

Trailrunner7 writes "A security researcher has managed to create a proof-of-concept PDF file that executes an embedded executable without exploiting any other security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file. With Adobe Reader, the only thing preventing execution is a warning. Disabling JavaScript will not prevent this."

Re:Sad

[Pentium100]

Also the first comment there says how you can hex edit the .exe to disable this "feature".

If you can live without the /Launch functionality (I can!), edit the executable:

- search for “^@Launch^@” (^@ == null byte, file offset 7040965 in 3.13.1030) in Foxit Reader.exe,

- change it to e.g. “L!unch” (no quotes),

- save AS BINARY,

done.

Comment by Thomas — Wednesday 31 March 2010 @ 12:20