PDF exploited without vulnerability

    • #4878
      Anquilas
      Participant

      A researcher (from Belgium! 😉 ) has found a way to exploit PDF files, without using a vulnerability. He created a PDF file with an embedded executable, which will start when the PDF file is opened.

      http://blogs.zdnet.com/security/?p=5929

      Pretty cool it seems, as far as my knowledge about the subject goes 🙂

    • #30693
      Ketchup
      Participant

      That’s a very cool exploit. I can’t wait to see the PDF language behind it.

    • #30694
      j0rDy
      Participant

      Nice find! I like the part that Foxit Reader doesn't even give a warning! (It just executes the script without any notification.) A lot of people are switching to Foxit, so this proves that alternatives aren't always better!

    • #30695
      Anquilas
      Participant

      Indeed 🙂 Now let’s hope that Adobe fixes it ASAP (for once)

    • #30696
      j0rDy
      Participant

      Just read that Foxit will fix the problem first thing next week:

      http://forums.foxitsoftware.com/showthread.php?p=41323

      Let's see how Adobe will do…

    • #30697
      UNIX
      Participant

      Interesting, looking forward to more details on this.

    • #30698
      Jhaddix
      Participant

      So, metaphish uses this functionality only with JavaScript. I believe Dave Kennedy will be implementing it into SET (the Social Engineering Toolkit) soon =)

      So many ways to trick the user =(

    • #30699
      j0rDy
      Participant

      Here is the link to his blog:

      http://blog.didierstevens.com/2010/03/29/escape-from-pdf/

      And here is a direct link to a zip file with the malicious file inside. Don't worry, it will only spawn a command prompt. Maybe you can do some reverse engineering on it?

      http://didierstevens.com/files/data/launch-action-cmd.zip

      Don: Can I post this or is it out of bounds?

    • #30700
      n1p
      Participant

      @j0rDy wrote:

      And here is a direct link to a zip file with the malicious file inside. Don't worry, it will only spawn a command prompt. Maybe you can do some reverse engineering on it?

      Guys, since I had some spare time :), just a small write-up on this to demonstrate how it occurs in the PDF. Thought you all might be interested.

      http://www.isolatedthreat.com/?p=214

      As usual comments welcome.

      n1p

    • #30701
      Ketchup
      Participant

      The cool thing about this one is that it doesn’t rely on JavaScript being enabled in Adobe. It must be using the built-in language.

      Nice write-up btw n1p.

    • #30702
      n1p
      Participant

      Yes, it is using the PDF language spec, but not in the way they intended 😛

      Malware uses a variety of techniques to embed in a PDF, so I will be interested to see how he has done it… And how vendors respond

    • #30703
      Jhaddix
      Participant

      Testing a /dev/tcp version atm that will send goodness over the wire in *nix =)
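
A defender-side triage check for the technique discussed in this thread, added here as an example; it is not part of any post above or of the linked write-ups. It flags PDF bytes that pair a `/Launch` action with an automatic trigger, and goes slightly beyond the thread by also decoding `#xx` name escapes; the function names and sample fragments are constructed for illustration.

```python
import re

# PDF names this triage looks for. /Launch is the action type the thread
# discusses; /OpenAction and /AA are the standard automatic triggers.
WATCHED = ("/Launch", "/OpenAction", "/AA", "/JavaScript", "/JS", "/EmbeddedFile")

# A PDF name is "/" followed by regular characters; "#xx" hex escapes are legal
# inside names, so "/L#61unch" is the same name as "/Launch".
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so escaped names compare equal to plain ones."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def count_names(data: bytes) -> dict:
    """Count watched names in raw PDF bytes (compressed streams are not inflated)."""
    counts = {name: 0 for name in WATCHED}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


def triage(data: bytes) -> str:
    """Return 'block', 'review' or 'pass' as a gateway-style decision."""
    c = count_names(data)
    auto = c["/OpenAction"] or c["/AA"]
    if c["/Launch"] and auto:
        return "block"      # Launch action paired with an automatic trigger
    if c["/Launch"] or c["/JavaScript"] or c["/JS"]:
        return "review"     # active content, but no automatic trigger seen
    return "pass"


# Constructed sample fragments (not real documents, not taken from the linked file).
SAMPLE_PLAIN = b"<< /Type /Catalog /OpenAction << /S /Launch /Win << /F (placeholder.exe) >> >> >>"
SAMPLE_ESCAPED = b"<< /Type /Catalog /OpenAction << /S /L#61unch >> >>"
SAMPLE_BENIGN = b"<< /Type /Catalog /Pages 2 0 R >>"

if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN), ("escaped", SAMPLE_ESCAPED), ("benign", SAMPLE_BENIGN)):
        print(label, triage(blob), count_names(blob))
```

Because the scan works on raw bytes, names stored inside compressed object streams are not seen; a "pass" result means nothing was found in the uncompressed parts only.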
