The exploit appears to be an exploit of the PDF standard
Author | Content |
---|---|
tracyanne Apr 01, 2010 4:07 AM EDT |
as implemented by Adobe and Foxit. Which means it might be possible to do the same thing on Linux. Probably with less dire consequences, but all the same it may be doable. Evince is not compromised on Windows or Linux. I've tested it, using the proof of concept file. |
tmx Apr 01, 2010 4:29 AM EDT |
I am more interested if you have a recommendation of an alternative to PDF. I really despise whenever I'm being emailed or forced to use one of these. Why does every format that comes from (or is bought by) Adobe have to be slow and vulnerable? Yet why do people let them become the de facto standards? |
tracyanne Apr 01, 2010 4:49 AM EDT |
Okular appears to be safe as well. There's quite a bit of chatter about this exploit on Didier Stevens' (the hacker) site at http://blog.didierstevens.com/2010/03/29/escape-from-pdf/ |
tracyanne Apr 01, 2010 4:58 AM EDT |
Xpdf also appears to be safe. |
bigg Apr 01, 2010 6:02 AM EDT |
I didn't know Evince works on Windows. I'll have to install it on my wife's computer. |
tracyanne Apr 01, 2010 6:16 AM EDT |
I found out today, and installed it on my Windows machine at work. |
dinotrac Apr 01, 2010 6:45 AM EDT |
Thank goodness pdf isn't a popular format... Huh? What's that? But everybody calls it fat. Doesn't mean the same as in high school? Then cr@p, this is a problem. |
Bob_Robertson Apr 01, 2010 9:04 AM EDT |
> Doesn't mean the same as in high school? Years of forced labor for the crime of being young. "so that there be not one stone left standing upon another, and salt sown in the ruins" Good enough for Carthage, good enough for high school. Ok, I'm back. PDF? Must see if Kpdf is vulnerable. Oh, poop, that's right, I'm using 3.5, so there won't be any fix. |
dinotrac Apr 01, 2010 9:38 AM EDT |
BR -- >Oh, poop, that's right, I'm using 3.5, so there won't be any fix. TOS! Any effort to inject truthful KDE commentary is an affront to something or other. |
Bob_Robertson Apr 01, 2010 11:16 AM EDT |
> TOS! You're right, Dino. I apologize. "By Deng Xiao Ping's Capitalist Counter-revolution! I'm using KDE 3.5, Kpdf will no longer be updated! I'm Mao'd!" |
tuxchick Apr 01, 2010 12:04 PM EDT |
My cat says Mao, Mao all the time. |
dinotrac Apr 01, 2010 12:13 PM EDT |
Red tabby, I presume? |
kingttx Apr 01, 2010 1:23 PM EDT |
Oh man, y'all are killing me! Hah! |
jdixon Apr 01, 2010 1:37 PM EDT |
> Red tabby, I presume? Now you've done it. Now I'll have The Siamese Cat Song running through my head all day (they are asiatic cats, after all). |
dinotrac Apr 01, 2010 2:03 PM EDT |
>they are asiatic cats, after all Too headstrong and self-centered for the Feline's Republic. |
chalbersma Apr 01, 2010 3:37 PM EDT |
I thought this was an April Fools prank.... |
dinotrac Apr 01, 2010 3:38 PM EDT |
Only if you're a mouse. |
Bob_Robertson Apr 01, 2010 4:53 PM EDT |
> I thought this was an April Fools prank.... New around here? |
hkwint Apr 01, 2010 6:36 PM EDT |
Did anyone notice the flaw tries to start Xcalc on Linux machines? I was told so (it starts calc.exe on Windows and something else on Mac). Indeed, Okular is not vulnerable. |