This worries me (more information). It would appear that you could craft PDFs that could hijack someone’s machine simply by their opening the PDF. This is especially pernicious because Adobe Reader is so intent on integrating PDF into Internet Explorer using various Browser Helper Objects and ActiveX Controls that a “drive-by” hijack would be simple to set up once you’ve crafted the malicious PDF file.
A quick fix (that Works On My Machine™) that prevents the automatic opening/viewing of PDF files from the web is to change the HKEY_CLASSES_ROOT\.pdf\Content Type registry key from application/pdf to something like application/octet-stream. This means that you have to save the files first before opening them.
Some possible scriptable ways of automating this:
Method 1: A .REG file
Save the following into a file with a “.reg” file extension and run it using regedit.exe /s filename.reg.
REGEDIT4

[HKEY_CLASSES_ROOT\.pdf]
"Content Type"="application/octet-stream"
Method 2: The REG command
Alternatively, the following, using the reg.exe command, will achieve the same result:
reg add HKCR\.pdf /v "Content Type" /d "application/octet-stream" /f
You obviously still need to be careful about PDFs; you just have the ability now to actively decide whether you want to open them.
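As an added example (not part of the original post), the PowerShell script below reports whether the change is in place, applies it after saving the previous value, or reverts it. It reads the value through HKEY_CLASSES_ROOT and also from the per-user and per-machine Software\Classes keys that HKEY_CLASSES_ROOT merges; the parameter names and the backup file location are assumptions of this example.

```powershell
# Added example (not from the original post). Run elevated for Apply/Revert.
param(
    [ValidateSet('Audit', 'Apply', 'Revert')]
    [string]$Mode = 'Audit',
    # Assumed backup location; change as needed.
    [string]$BackupFile = "$env:ProgramData\pdf-content-type.backup.txt"
)

$Name    = 'Content Type'
$Blocked = 'application/octet-stream'
$Views   = [ordered]@{
    Effective  = 'Registry::HKEY_CLASSES_ROOT\.pdf'
    PerUser    = 'Registry::HKEY_CURRENT_USER\Software\Classes\.pdf'
    PerMachine = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes\.pdf'
}

function Get-ContentType([string]$Path) {
    # $null when the key or the value is missing.
    (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Set-ContentType([string]$Value) {
    $key = $Views.Effective
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -LiteralPath $key -Name $Name -Value $Value
}

switch ($Mode) {
    'Apply' {
        # Record the current value once so Revert can restore it.
        if (-not (Test-Path -LiteralPath $BackupFile)) {
            [string](Get-ContentType $Views.Effective) | Set-Content -LiteralPath $BackupFile
        }
        Set-ContentType $Blocked
    }
    'Revert' {
        if (-not (Test-Path -LiteralPath $BackupFile)) { throw "No backup at $BackupFile" }
        $old = Get-Content -LiteralPath $BackupFile -TotalCount 1
        if ($old) { Set-ContentType $old }
        else { Remove-ItemProperty -LiteralPath $Views.Effective -Name $Name -ErrorAction SilentlyContinue }
        Remove-Item -LiteralPath $BackupFile
    }
}

# Always finish with a report, one row per registry view.
foreach ($view in $Views.GetEnumerator()) {
    $value = Get-ContentType $view.Value
    [pscustomobject]@{ View = $view.Key; MatchesFix = ($value -eq $Blocked)
        ContentType = if ($null -eq $value) { '(not set)' } else { $value } }
}
```

The Effective row is the one that matters for the fix; the other two rows show which hive the value actually comes from.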