Hacker Finds Multiple PDF Backdoors
Results 1 to 4 of 4

Thread: Hacker Finds Multiple PDF Backdoors

  1. #1

    Hacker Finds Multiple PDF Backdoors

    Via Slashdot: http://it.slashdot.org/article.pl?si...39205&from=rss
    Via EWeek: http://www.eweek.com/article2/0,1895,2016606,00.asp
    PoC: http://michaeldaw.org/projects/backdoored1.pdf
    Source: http://michaeldaw.org

    This article will give two practical examples of how Adobe Professional and Adobe Reader can be backdoored. There are 7 or more points where an attacker can launch malicious code. Both of the attacks discussed below are attached to the “Page Open” event
    By malicious code, the author doesn't mean execution of arbitrary code, but instead the execution of some Adobe flavored javascript. The author "accesses the Windows ODBC, enumerates available databases" with a javascript file, which is interesting but not really a big deal... and I don't see how this is a backdoor at all.

  2. #2
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Isnt this about exploiting a feature for bad reasons/uses or am did I read it wrong? I didn't see any 'backdoors' in here either.

  3. #3
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    EDIT: woops posted in the wrong thread. Nothing to see here, move along

  4. #4
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I'd have to agree with Soda that I don't quite see the backdoor here... I suppose in a very out-dated sense of the word, it would make slighly more sense...

    The question here is how is any of this malicious...

    1) You tell a pdf to open a webpage it opens a webpage

    2) You embed javascript to enhance your document, it executes the javascript...

    My response to this would be... IE has a vuln.. it executes Javascript... I've discovered the same vuln in Safari, Netscape, Firefox, Konqueror and others..

    Also the Windows RUN command has a vulnerability... if you type in an URL it will open it in a browser window..

    I looked this guys blog over... I don't see anything that impresses me.. and eWeek picks up and publishes anything and everything...

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides