Adobe Reader Blog
Stay up-to-date on Adobe Reader…

April 6, 2010

PDF “/Launch” Social Engineering Attack

Recently, Didier Stevens, a well-known security researcher, demonstrated a social engineering attack that relies on the “/Launch” functionality described in section 12.6.4.5 of the PDF specification (ISO PDF 32000-1:2008). This is a good example of powerful functionality relied upon by some users that also carries potential risks when used incorrectly by others. The warning message provided in Adobe Reader and Acrobat includes strong wording advising users to only open and execute the file if it comes from a trusted source. Furthermore, the default option within the dialog is to not execute.

Adobe takes the security of our products and technologies very seriously; we are therefore always listening to and evaluating ways to allow end-users and administrators to better manage and configure features like this one to mitigate potential associated risks. We are currently researching the best approach for this functionality in Adobe Reader and Acrobat, which we could conceivably make available during one of the regularly scheduled quarterly product updates.

As we investigate this, users can use the following method to further mitigate this risk. For consumers, open the Preferences panel and click on “Trust Manager” in the left pane. Clear the check box “Allow opening of non-PDF file attachments with external applications” as shown below.

[Screenshot: trust_mgr_pref.jpg]

For administrators who wish to accomplish this with a registry setting on Windows, add the following DWORD value to:
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Originals

Name: bAllowOpenFile
Type: REG_DWORD
Data: 0

Furthermore, an administrator can grey out the preference to keep end-users from turning this capability on, by adding the following DWORD value to:
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Originals

Name: bSecureOpenFile
Type: REG_DWORD
Data: 1

Note: These samples assume you are adding registry settings to Adobe Reader 9. For Adobe Acrobat, you would replace “Acrobat Reader” with “Adobe Acrobat”, and for a different version, you would substitute its value for “9.0”.
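
The two registry settings above can be applied and then verified in one pass. The following PowerShell script is an added example, not Adobe's own code; the parameter names, the `-AuditOnly` switch and the helper function are assumptions made for illustration, while the key path and the two value names and data come from this post.

```powershell
# Added example: apply and verify the two Trust Manager values from this post
# for the current user. Parameter and function names are hypothetical.
param(
    [ValidateSet('Acrobat Reader', 'Adobe Acrobat')]
    [string]$Product = 'Acrobat Reader',   # product key name, per the note above
    [string]$Version = '9.0',              # version key name, per the note above
    [switch]$AuditOnly                     # report the current state without changing it
)

$key = "HKCU:\Software\Adobe\$Product\$Version\Originals"

# Desired state, taken from the post.
$desired = [ordered]@{
    bAllowOpenFile  = 0   # do not open non-PDF attachments with external applications
    bSecureOpenFile = 1   # grey out the preference so end-users cannot turn it back on
}

# Returns the value's data, or $null when the key or the value does not exist.
function Get-DwordOrNull([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

if (-not $AuditOnly) {
    # The Originals key may not exist until a preference has been saved.
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    foreach ($name in $desired.Keys) {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $desired[$name] -Force | Out-Null
    }
}

# Read the values back so a missing value is reported rather than assumed set.
$results = foreach ($name in $desired.Keys) {
    $actual = Get-DwordOrNull -Path $key -Name $name
    [pscustomobject]@{
        Name      = $name
        Expected  = $desired[$name]
        Actual    = if ($null -eq $actual) { '(not set)' } else { $actual }
        Compliant = ($actual -eq $desired[$name])
    }
}
$results | Format-Table -AutoSize

# A non-zero exit code lets a deployment tool flag non-compliant profiles.
if ($results.Compliant -contains $false) { exit 1 }
```

Because the key is under HKEY_CURRENT_USER, the script affects only the account it runs as, so it has to run in each user's own context.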

Steve Gottwals, Group Product Manager, Adobe Reader


COMMENTS

  • By Jay Lockard - 7:19 PM on April 23, 2013  

    Security problems with internet use of some UPS & FedEx invoices. Do you have any experiences with same or recommendations on how to overcome the blockage of these related files with “security” problems?

    • By joiemikitson - 10:24 PM on April 23, 2013  

      Hi Jay, thanks for reaching out. Could you share some more detail about the security problem you’re encountering?

  • By Christian Mulaney - 4:29 AM on May 9, 2013  

    Some genuinely good info, Gladiolus I observed this. “Use your imagination not to scare yourself to death but to inspire yourself to life.” by Adele Brookman.

    • By joiemikitson - 5:26 PM on May 9, 2013  

      Thanks for the feedback!

  • By Nam Heiliger - 1:58 PM on July 23, 2013  

    nice post!! :)