PDF exploited without vulnerability

This topic contains 11 replies, has 6 voices, and was last updated by  Jhaddix 9 years, 2 months ago.

  • Author
    Posts
  • #4878
     Anquilas 
    Participant

    A researcher (from Belgium! 😉 ) has found a way to exploit PDF files, without using a vulnerability. He created a PDF file with an embedded executable, which will start when the PDF file is opened.

    http://blogs.zdnet.com/security/?p=5929

    Pretty cool it seems, as far as my knowledge about the subject goes 🙂

  • #30693
     Ketchup 
    Participant

    That’s a very cool exploit. I can’t wait to see the PDF language behind it.

  • #30694
     j0rDy 
    Participant

    Nice find! I like the part that Foxit Reader doesn't even give a warning! (It just executes the script without any notification.) A lot of people are switching to Foxit, so this proves that alternatives aren't always better!

  • #30695
     Anquilas 
    Participant

    Idd 🙂 Now let’s hope that Adobe fixes it asap (for once)

  • #30696
     j0rDy 
    Participant

    Just read that Foxit will fix the problem first thing next week:

    http://forums.foxitsoftware.com/showthread.php?p=41323

    Let's see how Adobe will do…

  • #30697
     UNIX 
    Participant

    Interesting, looking forward to more details on this.

  • #30698
     Jhaddix 
    Participant

    So, metaphish uses this functionality only with JavaScript. I believe Dave Kennedy will be implementing it into SET (the Social Engineering Toolkit) soon =)

    So many ways to trick the user =(

  • #30699
     j0rDy 
    Participant

    Here is the link to his blog:

    http://blog.didierstevens.com/2010/03/29/escape-from-pdf/

    And here is a direct link to a zip file with the malicious file inside. Don't worry, it will only spawn a command prompt. Maybe you can do some reverse engineering on it?

    http://didierstevens.com/files/data/launch-action-cmd.zip

    Don: Can I post this or is it out of bounds?

  • #30700
     n1p 
    Participant

    @j0rdy wrote:

    And here is a direct link to a zip file with the malicious file inside. Don't worry, it will only spawn a command prompt. Maybe you can do some reverse engineering on it?

    Guys, since I had some spare time :), just a small write-up on this to demonstrate how it occurs in the PDF. Thought you all might be interested.

    http://www.isolatedthreat.com/?p=214

    As usual comments welcome.

    n1p

  • #30701
     Ketchup 
    Participant

    The cool thing about this one is that it doesn’t rely on JavaScript being enabled in Adobe. It must be using the built-in language.

    Nice write-up btw n1p.

  • #30702
     n1p 
    Participant

    Yes, it is using the PDF language spec, but not in the way they intended 😛

    Malware uses a variety of techniques to embed in a PDF, so I will be interested to see how he has done it… And how vendors respond
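
A defender-side illustration of the point made in the two posts above (no JavaScript required, only features of the PDF language itself). This is an added example, not code from the thread or from the researcher's write-up. It assumes the technique is a PDF launch action, as the linked file name launch-action-cmd.zip suggests; the function names and the sample bytes are constructed for illustration.

```python
import re

# Name keys worth flagging in triage; counting them needs no full PDF parser.
SUSPICIOUS = ("/Launch", "/OpenAction", "/AA", "/JavaScript", "/JS")

# A PDF name runs from "/" to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, which PDF name syntax allows (/L#61unch is /Launch)."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage(data: bytes) -> dict:
    """Count suspicious names in raw PDF bytes. Compressed object streams are
    not inflated, and names inside string literals are counted too."""
    counts = dict.fromkeys(SUSPICIOUS, 0)
    for match in _NAME.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


def verdict(counts: dict) -> str:
    """Rank a file for analyst review from the name counts."""
    automatic = counts["/OpenAction"] or counts["/AA"]
    if counts["/Launch"] and automatic:
        return "high"    # launch action plus an on-open trigger
    if counts["/Launch"] or counts["/JavaScript"] or counts["/JS"]:
        return "medium"  # active content, no automatic trigger seen
    return "low"


# Constructed fragments, not complete PDF files; /F holds a placeholder.
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
          b"3 0 obj\n<< /Type /Action /S /L#61unch /F (PLACEHOLDER) >>\nendobj\n")
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("benign", BENIGN)):
        print(label, verdict(triage(blob)), triage(blob))
```

A file that scores "low" here can still carry active content inside compressed object streams, so this ranks files for review and does not clear them.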

  • #30703
     Jhaddix 
    Participant

    Testing a /dev/tcp version atm that will send goodness over the wire in *nix =)
