Researcher exploits PDF file without using a vulnerability

Discussion in 'malware problems & news' started by linuxforall, Apr 1, 2010.

Thread Status:
Not open for further replies.
  1. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    http://www.net-security.org/secworld.php?id=9083

    Didier Stevens, security researcher and expert on malicious PDF files, has succeeded in creating a proof-of-concept PDF file that uses the launch action triggered by the opening of the file to execute the embedded malicious executable.

    "Disabling JavaScript will not prevent this (I don’t use JavaScript in my PoC PDF), and patching Adobe Reader isn’t possible (I’m not exploiting a vulnerability, just being creative with the PDF language specs)," says Stevens in his blog post.

    The situation is worse with Foxit Reader, where such a message doesn't pop-up and the malicious file is executed automatically
     
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I'd love to have his PoC PDF because using FoxIt, I'd place my bets on my Anti-Executable stopping it cold.

    Glad to see him catch this and bring it to Adobe's attention.
     
  3. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    It would also be interesting to see a apparmored Evince going against this exploit.
     
  4. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,968
    Location:
    U.S.A.
    Pinga is correct. Let's keep the discussion going in that thread. Thanks!

    JR
     
Loading...
Thread Status:
Not open for further replies.