Hacker finds a way to exploit PDF files, without a vulnerability

Posted by tracyanne on Apr 1, 2010 4:03 AM EDT
ZDNet; By Ryan Naraine
Mail this story
Print this story

A security researcher has managed to create a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities.

Although PDF viewers like Adobe Reader and Foxit Reader doesn’t allow embedded executables (like binaries and scripts) to be extracted and executed, Stevens discovered another way to launch a command (/Launch /Action), and ultimately run an executable he embedded using a special technique.

Stevens said Adobe’s PDF Reader will block the file from automatically opening but he warned that an attacker could use social engineering tricks to get users to allow the file to be opened.

With Foxit Reader, there is no warning whatsoever:

Full Story

  Nav
» Read more about:

« Return to the newswire homepage

Subject Topic Starter Replies Views Last Post
The exploit appears to be an exploit of the PDF standard tracyanne 18 1,175 Apr 1, 2010 6:36 PM

You cannot post until you login.