Microsoft patches PDF vulnerability

Stephen Withers
Wednesday, 14 February 2007 09:48

Your IT - Home IT

Like Apple and Adobe, Microsoft has discovered that the bad guys can build PDF files containing malware capable of taking control of a computer.

Possibly the most serious bug addressed by Microsoft's February crop of security updates is the one affecting PDF file handling by the Microsoft Malware Detection Engine used by Windows Live OneCare, Windows Defender and other products.

"This vulnerability is critical since the malicious PDF could be hosted on a Web site or distributed via e-mail where it could be scanned by the infected AV engine at the gateway or when it arrives at the desktop," according to a Symantec statement. "A successful exploit will completely compromise the affected computer."

This bug may be related to those in older versions of Adobe Reader and in the Preview utility in Apple's Mac OS X. PDF files are organised via a page tree, allowing an application to quickly open any page within even very large documents. But if the application blindly trusts the data structures that support this instead of performing its own sanity checks, various error conditions can occur - including the possibility of executing arbitrary code concealed within the document.

This problem, which was disclosed last month, had already been fixed in Adobe Reader 8.0 but Preview remains unpatched.

Microsoft's vulnerability is in the Malware Detection Engine, which is supposed to check files before users open them. This means that even if users practice 'safe computing' and avoid opening PDFs received from unexpected sources, it's too late - the rogue file has already been scanned and the system compromised.