Yesterday we blogged about a problem in the design of PDFs that can lead to exploitation. http://www.eset.com/blog/2010/04/06/pdfs-exploitable-im-shocked

The problem is that PDFs are now designed to be able to include executable attachments and to execute them. Foxit has released a fix for their software. If you use Foxit then you should make sure your version is current. Adobe has a workaround, but not a patch or new version.

We did post the workaround, but I’ll post it again and include some other security settings that I recommend for most people using Reader or Acrobat. The first thing to do is to check for updates and make sure you have the most current version. For Reader this is free, for Acrobat there may be a charge to upgrade to the most current version, but patches should still be available for supported versions.

To protect against the problem with executables being run, open up Reader and go to the Edit menu and select Preferences… From here, on the left side of the window click on Trust Manger. On the right side there is a check box that you should uncheck. This will prevent Reader from opening non-PDF file attachments. This is a good start, but there’s more to securing Reader.

Still in Preferences, click on the label JavaScript and uncheck that box. Many of the past vulnerabilities in Reader, and there have been several, were exploiting by also using JavaScript. Most people don’t need JavaScript in a PDF. If you open a PDF that has JavaScript you will be prompted to turn it on. I always refuse to turn it on and I open the PDF without it.

Next, still in Preferences, click on Multimedia Trust (Legacy).  This is where you set how Reader acts when it runs Windows Media Player or Flash in a PDF. The default is to always run the multimedia files. I change this to Prompt. The reason for this is that sometimes there are vulnerabilities found in the media players. When the settings for the multimedia players prompt you to allow the media to be played, you can choose not to, especially if you weren’t expecting a media file.
Finally, in Preferences, click on Security (Enhanced) and make sure that the enhanced security is enabled.

PDFs are a major attack vector, but you can minimize the ability for many attacks to succeed by properly configuring Reader (and Acrobat) for better security.

Randy Abrams
Director of Technical Education