PDF Execution function deemed dangerous


A design feature in PDF allows for the execution of a program from
within the PDF. Most PDF readers supply a warning about executing the
program before continuing.

A researcher last week showed how the warning message could be rewritten
by a malicious PDF and trick the user into allowing it to execute. It
could potentially infect other PDFs or run whatever the attacker desired.

While Adobe is still trying to figure out what to do, they have released
this document showing how to disable the program execution feature in
their software.

It involves changing some registry entries for Windows Adobe and how to
do it en masse.

It is recommended that these settings be applied to Adobe installations
to reduce the risk of malicious PDFs tricking users into running
arbitrary programs. If you have a specific need for this functionality,
please let me know.