From: I)ruid (druid caughq.org)
Date: Thu Apr 01 2010 - 11:35:20 CDT
On Thu, 2010-04-01 at 07:52 -0700, dave wrote:
> https://forum.immunityinc.com/board/thread/1199/exploiting-pdf-files-without-vulnerabili/?page=1#post-1199
>
> D2 points out rightfully that everyone with the D2 CANVAS Exploit Pack
> (email admin immunityinc.com now for pricing! :>) has known about this
> particular feature of PDF's for over two years. D2 comes with an NDA, so
> it's not surprising it's not "General Knowledge" but the well-funded
> among you should at least stop acting so surprised. :>
Honestly, I thought pretty much anyone that has spent any amount of time
looking at PDFs was probably aware of the Launch action. I wrote a
light PDF generator a couple years ago and discovered the ability to
Launch commands in relatively short order, but didn't think it anything
interesting as it required user interaction via prompting the user with
a dialog.
The interesting bits of the recent report are that the Foxit reader
specifically does *not* require user interaction[1], and the ability to
partially control the dialog message that is displayed to the user in
Adobe Reader[2]. The underlying mechanism of being able to execute
commands from within a PDF however is fairly well-known and nothing new,
as your post also illustrates.
[1] http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
[2] http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/
--
I)ruid, C²ISSP
druid caughq.org
http://druid.caughq.org
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
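
A defender-side check for the Launch action discussed in this message, as an added example that is not part of the original post or of any tool it mentions: it scans a PDF's raw bytes for the /Launch name, including names written with #xx hex escapes. The function names and the sample fragments are constructed for illustration, and compressed object streams are not decoded.

```python
import re

# A PDF name is "/" followed by regular characters. "#xx" hex escapes are
# allowed inside names, so "/L#61unch" is the same name as "/Launch".
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample fragments (not taken from any real document).
SAMPLE_PLAIN = b"1 0 obj\n<< /Type /Action /S /Launch >>\nendobj\n"
SAMPLE_ESCAPED = b"2 0 obj\n<< /Type /Action /S /L#61unch >>\nendobj\n"
SAMPLE_BENIGN = b"3 0 obj\n<< /Type /Catalog /LaunchPad 1 >>\nendobj\n"


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes in a PDF name token (without the leading slash)."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def find_launch_actions(data: bytes) -> list:
    """Return one finding per /Launch name seen in the raw bytes of a PDF.

    Limitations of this sketch: objects inside compressed streams are not
    seen, and literal strings are not parsed, so "/Launch" inside a string
    is reported too. For triage, over-reporting is the safer direction.
    """
    findings = []
    for m in NAME_RE.finditer(data):
        raw = m.group(1)
        if decode_name(raw) == b"Launch":  # exact match, so /LaunchPad is ignored
            findings.append({
                "offset": m.start(),
                "obfuscated": raw != b"Launch",  # name was hex-escaped
                "context": data[m.start():m.start() + 60],
            })
    return findings


if __name__ == "__main__":
    samples = {"plain": SAMPLE_PLAIN, "escaped": SAMPLE_ESCAPED, "benign": SAMPLE_BENIGN}
    for label, blob in samples.items():
        hits = find_launch_actions(blob)
        print(label, "->", len(hits), "Launch action name(s)")
        for hit in hits:
            print("  offset", hit["offset"], "obfuscated:", hit["obfuscated"])
```

A hit means the file deserves a closer look before it reaches a reader application; an escaped name is a stronger signal, since ordinary PDF producers have no reason to hex-escape letters.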