Edge Browser Is Vulnerable To Hacking, Thanks To Windows Built-in PDF Reader

Edge Browser Exposed By Windows Built-in PDF Reader To Hacking

The Windows Runtime (WinRT) PDF Renderer library, or just WinRT PDF, is one of the powerful components built into the recent releases of Windows OS that allows the developers to integrate PDF viewing functionality in their own apps. It’s used by many apps including the default PDF Reader, third-party apps and even the Microsoft Edge Browser.

The library is used for many apps distributed via the Windows Store, the default Reader App is included in Windows 8 and 8.1, and even with Edge, Microsoft’s latest Web browser.

However, it has been discovered that WinRT PDF, the default PDF reader for Windows 10, leaves Edge users susceptible to a new series of attacks that are amazingly similar to how Flash, Java, and Acrobat have exposed Web users in the past few years.

According to Mark Vincent Yason, security researcher with IBM’s X-Force Advanced Research team, since Microsoft Edge uses WinRT PDF as its default reader, any PDF embedded in the web page will be opened within the library. This makes room for the attackers to abuse the vulnerability via a PDF file. They can open a PDF secretly off-screen with help of CSS and execute the malicious code. It’s similar to exploit kits like Angler or Neutrino deliver Flash, Java, or Silverlight payloads.

All that an attacker needs to do is find and create a database of WinRT vulnerabilities it could influence to distribute their malware via this new attack surface.

“A major factor that will affect when and how often we see in-the-wild exploits for WinRT PDF vulnerabilities depends on how difficult it is to exploit them,” Mr. Yason explains.

He also adds that since Windows 10 implements former EMET features such as Control Flow Guard and ASLR protection, this “makes the development of exploits for WinRT PDF vulnerabilities time-consuming and therefore costly for an attacker.”

At this year’s RSA security conference in San Francisco, Mr. Yason will be coming up with a more in-depth analysis of this attack surface.