Full Disclosure mailing list archives
Re: Backdooring PDF Files
From: "Bipin Gautam" <gautam.bipin () gmail com>
Date: Sun, 17 Sep 2006 05:07:02 +0545
Looks to me like its a flaw in the PLUG-IN not the Acrobat Reader itself. Here plugin should be disabled for the "URI" action. Go to your folder .....ProgramFileDir\Adobe\Acrobat ver\Reader\plug_ins\ & only leave the PLUGINS that are ONLY FREQUENTLY USED BY U (or requests a program action withing the program) Which in my case, i only have the plugins, EWH32.api Search*.api rest....plugins move them to another folder (say: ProgramFileDir\Adobe\Acrobat ver\plug_ins_disabled\ ) acrobat has grown something BEYOND just a reader into something BIG with lots of attack vectors since ages. best security practices ? -bipin On 9/13/06, David Kierznowski <david.kierznowski () gmail com> wrote:
Recently, there has been alot of hype involving backdooring various web technologies. pdp (arcitect) has done alot of work centered around this area. I saw Jeremiah Grossman mention PDF's being "BAD", however, I was unable to easily locate any practical reasons as to why. I decided to investigate this a little further. This article discusses two possible backdoor techniques for Adobe Acrabat Reader and Professional. It includes proof of concept code and backdoored PDF documents. The article can be found here: http://michaeldaw.org/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Bipin Gautam http://bipin.tk Zeroth law of security: The possibility of poking a system from lower privilege is zero unless & until there is possibility of direct, indirect or consequential communication between the two... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Backdooring PDF Files David Kierznowski (Sep 13)
- Re: Backdooring PDF Files Bipin Gautam (Sep 16)
- <Possible follow-ups>
- Re: Backdooring PDF Files Juha-Matti Laurio (Sep 13)
- Re: Backdooring PDF Files pdp (architect) (Sep 13)
- Re: Backdooring PDF Files David Kierznowski (Sep 13)
- Re: Backdooring PDF Files Hugo Francisco González Robledo (Sep 14)
- Re: Backdooring PDF Files Stan Bubrouski (Sep 14)
- Re: Backdooring PDF Files pdp (architect) (Sep 13)
- Re: Backdooring PDF Files Juha-Matti Laurio (Sep 13)
- Re: Backdooring PDF Files Juha-Matti Laurio (Sep 13)
- Re: Backdooring PDF Files Markus Jansson (Sep 13)
- Re: Backdooring PDF Files Geo. (Sep 14)
- Re: Backdooring PDF Files Dude VanWinkle (Sep 14)
- Re: Backdooring PDF Files Geo. (Sep 14)
(Thread continues...)