I think it depends on the context.
Example 1 (backdoored1.pdf) :
On Ubuntu Linux with Adobe Reader 7.0.1 opens the web page on
mozilla-firefox whitout warning.
On Windows XP sp2 with Adobe Reader 7.0.8 sends a warning about open the
url.
Example 2 (backdoored2.pdf) :
On Ubuntu Linux and windows XP sp2 does nothing apparently.
it, could be possible to make multi-target attacks :)
but other viewers like evince or xpdf don't have any effect :(
Regards!
On Wed, Sep 13, 2006 at 11:06:55PM +0300, Juha-Matti Laurio wrote:
Proof of Concept for example 1 (backdoored1.pdf) opened with Adobe Reader
7.0.8
(i.e. no browser plug-in used) issued a Security Warning dialog box:
"The document is trying to conenct to the site:
http://www.google.com/owned.html
If you trust the site click "Allow", otherwise click "Block"."
Option Remember my action is in use as well.
When clicking "Allow" this Google page was opened in MSIE (in fact FF is my
default browser, however).
Am I missing something related to differences between Reader plug-in and
Reader application?
- Juha-Matti
David Kierznowski <david.kierznowski@gmail.com> wrote:
Recently, there has been alot of hype involving backdooring various
web technologies. pdp (arcitect) has done alot of work centered around
this area.
I saw Jeremiah Grossman mention PDF's being "BAD", however, I was
unable to easily locate any practical reasons as to why. I decided to
investigate this a little further.
This article discusses two possible backdoor techniques for Adobe
Acrabat Reader and Professional. It includes proof of concept code and
backdoored PDF documents.
The article can be found here:
http://michaeldaw.org/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
--
Hugo Francisco González Robledo
Instituto Tecnológico de San Luis Potosí
Llave pública en http://www.honeynet.org.mx
Llave pública en http://ardilla.zapto.org
Preguntale a Google-Earth donde estoy :
http://ardilla.zapto.org/ubicaHugo.kml
-------------------------------------------
Educación es lo que queda después de olvidar
lo que se ha aprendido en la escuela.
Albert Einstein
-------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
