Is anything truly secure...

50 Comments on “Are PDF’s Worm-able?”

  1. BitPoet
    Nice work, Jeremi. That's the next logical step in building upon PDF's weakness, and I do hope that Adobe&Co think hard about their measures to prevent it from becoming a widespread backdoor. IMHO opening external apps and docs via the shell should be disabled by default in all viewers and permissions should explicitly be granted on a by-directory (or URI) base similar to IE's trusted sites concept.
    • jeremy
      No, you don't need to know the PDF file name to pull this off, but in my simple PoC I did hardcode the name. To really make this expandable, logic for doing a directory listing just needs to be added, which is actually fairly trivial to pull off.
  2. Anon
    Not difficult in the slightest if someone knows a bit about programming and reads the PDF specification. There has been a Metasploit module out for quite a while that uses portions of this technique. I was more impressed with the exploit on Foxit.
    • jeremy
      @yunsoul Very nice... Everyone that has emailed me for specifics I have directed them to the PDF specifications guide, as that is all that is really needed to get started. Add that with some creative scripting and we have one nasty mess on our hands. Again, great PoC and I really like how you infected two PDF files.

Comments are closed.

Copyright © 2014 SudoSecure LLC. All rights reserved.
