Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

PostScript security research

From: Paul Sebastian Ziegler <psz () observed de>
Date: Sat, 03 Mar 2007 20:06:46 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I'm currently coming across a lot of PostScript documents. And I realize
that most people consider them as "pictures" and thus plainly open them.
This is why I thought about testing it's security and possibly creating
some PoC to raise awareness.

During my research I found that PostScript has the possibility to open
and manipulate files. Now that's a good start. :)
Also this project here proves that it must somehow be possible to "bind"
to a port: http://public.planetmirror.com/pub/pshttpd/
(Still researching this one...)

However google hasn't been particularly helpful when it came to the
following questions:
1) Has anybody researched this before (no need to crash open doors)
2) Is PostScript capable of using the system()-call or something similar?

Does anybody know about this?

Thanks in advance
Paul
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF6cdGaHrXRd80sY8RCsj6AKCT9KwwH/+GCw/td1ZCLN6E4MqF+wCgixu5
fnqrvlvr37O36zEeBfD3BJA=
=/lno
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: