PDF files could be used to spread malware to clean PDF files stored on a target computer running Adobe Acrobat Reader or Foxit Reader PDF software, a security researcher warned on Monday.
Jeremy Conway, product manager at NitroSecurity, created a proof of concept for an attack in which malicious code is injected into a file on a computer as part of an incremental update, but which could be used to inject malicious code into any or all PDF files on a computer.
The attack requires the user of the computer to allow the code to be executed by agreeing to it via a dialog box. However, the attacker could at least partially control the content of the dialog box that appears to prompt the user to launch the executable and thus use social engineering to entice the computer user to agree to execute the malware, said Conway in his blog.
For more on this story, see Exploits not needed to attack via PDF files on CNET News.