A security researcher has found a way to run arbitrary code on Windows computers by embedding it in a malicious PDF file.
The code will run when viewed in two popular PDF reader applications, but the author of the hack says it doesn't exploit a software vulnerability.
PDF readers from Adobe Systems and Foxit don't allow embedded executables to run directly, wrote Didier Stevens on his security blog. But Stevens found a way to get an embedded executable to run via a different launch command.
More: http://www.computerworld.com/s/article/9174606/
The code will run when viewed in two popular PDF reader applications, but the author of the hack says it doesn't exploit a software vulnerability.
PDF readers from Adobe Systems and Foxit don't allow embedded executables to run directly, wrote Didier Stevens on his security blog. But Stevens found a way to get an embedded executable to run via a different launch command.
More: http://www.computerworld.com/s/article/9174606/