This topic contains 11 replies, has 6 voices, and was last updated by 
-
Posts
-
A researcher (from Belgium! π ) has found a way to exploit pdf files, without using a vulnerability. He created a pdf file with an embedded executable, which will start when the pdf file is opened.
http://blogs.zdnet.com/security/?p=5929
Pretty cool it seems, as far as my knowledge about the subject goes π
-
That’s a very cool exploit.Β I can’t wait to see to the PDF language behind it.
-
Nice find! i like the part that Foxit Reader doesnt even give a warning! (it just executes the script without ant notification) A lot of people are switching to Foxit, so this proves that alternatives arent always better!
-
Idd π Now let’s hope that Adobe fixes it asap (for once)
-
just read that foxit will fix the problem first thing next week:
http://forums.foxitsoftware.com/showthread.php?p=41323
lets see how Adobe will do…
-
Interesting, looking forward to more details on this.
-
So, metaphish uses this functionality only with javascript. I believe Dave Kennedy will be implementing into SET (the Social Engineering Toolkit) soon =)
So many ways to trick the user =(
-
here is the link to his blog:
http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
and here is a direct link to a zip file with the malicious file inside. dont worry, it will only spawn a command prompt. maybe you can do some reverse engineering on it?
http://didierstevens.com/files/data/launch-action-cmd.zip
Don: Can i post this or is it out of bounds?
-
@j0rdy wrote:
and here is a direct link to a zip file with the malicious file inside. dont worry, it will only spawn a command prompt. maybe you can do some reverse engineering on it?
Guys, since I had some spare time :), just a small write-up on this to demonstrate how it occurs in the PDF. Thought you all might be interested.
http://www.isolatedthreat.com/?p=214
As usual comments welcome.
n1p
-
The cool thing about this one is that it doesn’t rely on JavaScript being enabled in Adobe.Β It must be using the built in language.Β
Nice write-up btw n1p.
-
Yes, it is using the PDF language spec, but not in the way they intended π
Malware uses a variety of techniques to embed in a PDF, so I will be interested to see how he has done it… And how vendors respond
-
Testing a /dev/tcp version atm that will send goodness over the wire in *nix =)
You must be logged in to reply to this topic.
