Here's a frightening feature, explorer shell can launch an exe on a mindless mouse ov

Discussion in 'ProcessGuard' started by rickontheweb, Jul 8, 2005.

Thread Status:
Not open for further replies.
  1. rickontheweb (Registered Member; joined Nov 14, 2004; posts: 129)

    The things you find out with ProcessGuard. It never ceases to amaze me.

    I always wondered what the new background running little helper app, acrord32info.exe, was for in Acrobat Reader 7 (on version 7.02 already because of security fixes, mind you). Due to my bad experience with Photoshop CS, I always set acrord32info.exe to deny always in ProcessGuard, since it didn't seem to make any difference if it ran or not when viewing PDFs.

    Turns out, if you open a window in the explorer shell with PDFs in it, acrord32info.exe launches by itself in the background the moment your mouse moves over a PDF file. You don't even have to single click or double click a PDF file; all you have to do is move your mouse over a PDF file on the way to another icon and acrord32info.exe launches in the background. Talk about a hair trigger response. It's probably some sort of safe harmless preloader app used to speed up Reader access, but the concept of execute in explorer, on a mindless mouse-over of a file type, seems like a recipe for disaster. It's easy enough to stop: set acrord32info.exe (not acrord32.exe) to deny always or deny once for a prompt. Optionally, check your System Event log after denying it; you'll have a DCOM error. Search on the DCOM Server # the event lists in the registry and zap it, no more launch on mouse over. Reader has a detect and repair option so you can repair if you notice it breaks something. I see no ill effects.

    I could see how this feature could be abused. Sometimes all you have to do is skim your mouse over something to launch a stealthy executable in explorer. But it does make me appreciate PG's Execution Protection feature all the more.
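
A read-only version of the lookup step described in the post above, added here as an example (it is not part of the original post and is not ProcessGuard or Adobe code): it pulls class IDs out of DCOM errors in the System log and shows which executable each one is registered to launch. It assumes the "DCOM Server #" in the event is a COM class ID (CLSID) and that the event provider name contains "DCOM".

```powershell
# Added example: read-only audit, nothing is deleted or modified.
# Assumption: the "DCOM Server #" in the event text is a COM class ID (CLSID).
$clsidRegex = '\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}'

# Error-level (Level = 2) System events whose provider name mentions DCOM.
# The provider name varies by Windows version, so it is matched loosely.
$dcomErrors = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2 } `
        -MaxEvents 5000 -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'DCOM|DistributedCOM' -and $_.Message }

# Collect every distinct CLSID mentioned in those event messages.
$clsids = $dcomErrors |
    ForEach-Object { [regex]::Matches($_.Message, $clsidRegex) } |
    ForEach-Object { $_.Value.ToUpperInvariant() } |
    Sort-Object -Unique

# Registry views to check: native classes and, on 64-bit Windows, 32-bit classes.
$roots = 'Registry::HKEY_CLASSES_ROOT\CLSID',
         'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'

foreach ($clsid in $clsids) {
    foreach ($root in $roots) {
        $key = "$root\$clsid"
        if (-not (Test-Path -LiteralPath $key)) { continue }

        # The default value of LocalServer32 is the executable COM starts
        # out-of-process when something activates this class.
        $server = Get-Item -LiteralPath "$key\LocalServer32" -ErrorAction SilentlyContinue

        [pscustomobject]@{
            CLSID         = $clsid
            RegistryKey   = $key
            ClassName     = (Get-Item -LiteralPath $key).GetValue('')
            LocalServer32 = if ($server) { $server.GetValue('') } else { $null }
        }
    }
}
```

Reviewing the `LocalServer32` column before touching the registry confirms which binary a given class ID starts, so the key removed is the one that matches the denied executable.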
     