PDF “/Launch” Social Engineering Attack
Recently, Didier Stevens, a well-known security researcher, demonstrated a social engineering attack, which relies on the “/launch” functionality as described in the PDF specification (ISO PDF 32000-1:2008) under section 126.96.36.199. This is a good example of powerful functionality relied upon by some users that also carries potential risks when used incorrectly by others. The warning message provided in Adobe Reader and Acrobat includes strong wording advising users to only open and execute the file if it comes from a trusted source. Furthermore, the default option within the dialog is to not execute.
Adobe takes the security of our products and technologies very seriously; we are therefore always listening to and evaluating ways to allow end-users and administrators to better manage and configure features like this one to mitigate potential associated risks. We are currently researching the best approach for this functionality in Adobe Reader and Acrobat, which we could conceivably make available during one of the regularly scheduled quarterly product updates.
As we investigate this, users can use the following method to further mitigate against this risk. For consumers, open up the Preferences panel and click on “Trust Manager” in the left pane. Clear the check box “Allow opening of non-PDF file attachments with external applications” as shown below.
For administrators who wish to accomplish this with a registry setting on Windows, add the following DWORD value to:
Furthermore, an administrator can grey out the preference to keep end-users from turning this capability on, by adding the following DWORD value to: HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Originals
Note: These samples assumed you were adding registry settings to Adobe Reader 9. For Adobe Acrobat, you would replace “Acrobat Reader” with “Adobe Acrobat”, and for a different version, you would substitute its value for “9.0″.
Steve Gottwals, Group Product Manager, Adobe Reader