View Single Post
  #1   (View Single Post)  
Old 31st March 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default PDF exploit requires no specific security hole to function

From http://www.h-online.com/security/new...on-968140.html

Quote:
Bad news: PDF security specialist Didier Stevens has developed a PDF document which is capable of infecting a PC – without exploiting a specific vulnerability. The demo exploit works both in Adobe Reader and in Foxit. Stevens says he used the "Launch Actions/Launch File" option, which can even start scripts and EXE files that are embedded in the PDF document. This option is part of the PDF specification.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote