Security researcher found method to run arbitrary code on Windows PCs by embedding it in nasty PDF file. Code run when file is viewed by PDF reader in two popular, but authors of this attack code that exploited vulnerability no software at all. On his blog security researcher Didier Stevens said, application of Adobe PDF reader and Foxit doesn’t permit running files straight executable embedded. Though, Stevens has found method to run embedded executable files through command other boot.

After opening document code, Adobe Reader shows warning message as running code can damage PC, so users need to run application approved. But, Stevens can modify that part of message to convince user to open EXE file.

For example Stevens, Reader run safe Calculator is available for Windows but can also be changed with nasty software. Video proof of concept running Stevens when using Adobe Reader 9.3.1 on Windows XP SP3 and Windows 7.

Application of Foxit PDF reader doesn’t show warning, and with recognition to prove his concept Stevens wrote original EXE file won’t run. Mr. Stevens has solve problem, permitting launch in Foxit EXE file only by opening PDF file was manipulated. Mr. Stevens has declared two problems for both software companies Adobe and Foxit Software.