Hacker Finds Multiple PDF Backdoors 147
Gungadin writes "Eweek.com has a story about a British security researcher figuring out a way to manipulate legitimate features in Adobe PDF files to open backdoors for computer attacks. David Kierznowski, a penetration testing expert specializing in Web application testing, has released proof-of-concept code and two sample PDF files to demonstrate how the Adobe Reader program can be rigged to launch Web-based attacks without any user action. He claims there are least seven different ways to backdoor a PDF."
Re:Confused (Score:4, Informative)
Many of these features are quite helpful for corporate clients, but maybe shouldn't be allowed by default.
In retrospect, some of the other free 3rd part PDF viewers, that don't support those fancy features, might be better for people to use:
http://www.icesoft.com/products/icepdf.html [icesoft.com]
Re:Confused (Score:3, Informative)
Easy (Score:5, Informative)
Re:It's not a vulnerability, it's an exploit... (Score:3, Informative)
An exploit would be more along the lines of the old outlook viruses. Outlook used to allow arbitrary scripts to be run on mail loading, and messages to be sent to an entire address book. Combine these two, and you have an exploit. It's behaving completely as intended, but they never expected someone to use the features like that.
The PDF reader is behaving as intended, though nobody expected the intended behavior to add up to that.
Re:Mac OS X Drawing Subsystem? (Score:3, Informative)
Apple, along with Preview, has its own implementation of rendering and viewing PDFs
Only on the Windows version (Score:1, Informative)
Easy Fix: Disable those plugins! (Score:2, Informative)
I just want a reader, not a full fledged pseudo-browser app with tons of security exploits - there's already one called Internet Explorer on my PC!
So I've moved away: Accessibility, Acroform, ADBC, EScript, Multimedia, weblink, webpdf, etc.
Now when you open those "exploit" links, you get an pop-up saying, "The plug-in required by this 'URI' action is not available."
You get another benefit from this. Your acrobat reader will load sooo much faster too!
Back Door Demo #2 - Link Wrong (Score:5, Informative)
http://michaeldaw.org/projects/backdoored2.pdf [michaeldaw.org]
Free (Score:3, Informative)
Better yet, use Ghostscript [wisc.edu]. It's also much lighter and faster than Acrobat Reader, and -- more importantly, and unlike Foxit Reader -- is Free Software.
Doesn't work on Linux (Score:4, Informative)
Re:Popplers?!? (Score:1, Informative)
Load PDFs with Acrobat in seconds (Score:5, Informative)
Re:Non Adobe? (Score:2, Informative)
Not necessarily.
Some gPDF [securityfocus.com] vulnerabilities.
I didn't find any Evince vulnerabilities in my limited search, but that doesn't mean there will not be one. You will most likely remain safe from 'sploits targeted towards Adobe users by not using the Adobe PDF reader, but that should be obvious.
Core PDF freature and not a bug anyway (Score:3, Informative)
In my view this claim is idiotic anyway. I just found a giant security hole in HTML where if they view my page or email with a link and if they click on it, it might take them to a malicious site.
*yawn*
Re:Mac OS X Drawing Subsystem? (Score:2, Informative)
Re:Turing complete (Score:1, Informative)
While there's a close link between PostScript and PDF that make the translation from PostScript to PDF easy to do, the fact that PDF merely stores the output of a PostScript interpreter (rendering commands) is why it's faster and simpler to implement than full PostScript.