Network Security: Detailed info on [Full-disclosure] Backdooring PDF Files

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

[Full-disclosure] Backdooring PDF Files

from [David Kierznowski] Network Security

[Permanent Link]

Subject:	[Full-disclosure] Backdooring PDF Files
Date:	Wed, 13 Sep 2006 14:53:58 +0100

Recently, there has been alot of hype involving backdooring various
web technologies. pdp (arcitect) has done alot of work centered around
this area.

I saw Jeremiah Grossman mention PDF's being "BAD", however, I was
unable to easily locate any practical reasons as to why. I decided to
investigate this a little further.

This article discusses two possible backdoor techniques for Adobe
Acrabat Reader and Professional. It includes proof of concept code and
backdoored PDF documents.

The article can be found here:
http://michaeldaw.org/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] Backdooring PDF Files, David Kierznowski <= Re: [Full-disclosure] Backdooring PDF Files, Bipin Gautam Re: [Full-disclosure] Backdooring PDF Files, Juha-Matti Laurio Re: [Full-disclosure] Backdooring PDF Files, pdp (architect) Re: [Full-disclosure] Backdooring PDF Files, David Kierznowski Re: [Full-disclosure] Backdooring PDF Files, Hugo Francisco González Robledo Re: [Full-disclosure] Backdooring PDF Files, Stan Bubrouski Re: [Full-disclosure] Backdooring PDF Files, Juha-Matti Laurio Re: [Full-disclosure] Backdooring PDF Files, Juha-Matti Laurio

Previous by Date:	[Full-disclosure] [SECURITY] [DSA 1175-1] New isakmpd packages fix replay protection bypass, Martin Schulze
Next by Date:	[Full-disclosure] Multiple Vulnerabilities in Apple QuickTime, David_Marcus
Previous by Thread:	[Full-disclosure] [SECURITY] [DSA 1175-1] New isakmpd packages fix replay protection bypass, Martin Schulze
Next by Thread:	Re: [Full-disclosure] Backdooring PDF Files, Bipin Gautam
Indexes:	[Date] [Thread] [Top] [All Lists]