Re: [Full-disclosure] PDF's unsafe?

[Xyberpix]

My question on this whole thread, as I'm finding it really interesting, is how
the hell did you do that?
Can you point me to any how to's as I really wanna try and come up with 
something
along these lines.

xyberpix

On Fri Sep 23 14:06 , 'Mark W. Webb' <[EMAIL PROTECTED]> sent:

>It appears that there are ways in which malware can be injected into a 
>PDF.  My question is, are there tools to detect them/remove them?  Sure, 
>I guess AV programs can help, but what about the case where I insert a 
>"del /f c:\*.*"
>
>Thanks...
>
>Geo. wrote:
>
>>Haven't any of the security firms checked out adobe pdf reader to see if
>>it's safe? It took 5 minutes to create this nonsense
>>http://www.nthelp.com/test.pdf and that's just using the standard features.
>>I hate to think what a real hacker could do with a pdf.
>>
>>Geo.
>>
>>___
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>>  
>>
>
>___
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PDF's unsafe?

[Mark W. Webb]

It appears that there are ways in which malware can be injected into a 
PDF.  My question is, are there tools to detect them/remove them?  Sure, 
I guess AV programs can help, but what about the case where I insert a 
"del /f c:\*.*"


Thanks...

Geo. wrote:


Haven't any of the security firms checked out adobe pdf reader to see if
it's safe? It took 5 minutes to create this nonsense
http://www.nthelp.com/test.pdf and that's just using the standard features.
I hate to think what a real hacker could do with a pdf.

Geo.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PDF's unsafe?

[Bipin Gautam]

On 9/21/05, Geo. <[EMAIL PROTECTED]> wrote:
> Haven't any of the security firms checked out adobe pdf reader to see if
> it's safe? It took 5 minutes to create this nonsense
> http://www.nthelp.com/test.pdf and that's just using the standard features.
> I hate to think what a real hacker could do with a pdf.
>
> Geo.
>
Even if you have the option in IE "Play videos in webpage"
unchecked... the following page will render

http://bipin.sosvulnerable.net/temp/fdrd.html

& probably your OS will colse the browser after it runs out of memory.

Or maybe try this:

/* 


--- */
SO IE/mozilla  is unsafe?

Bipin Gautam
http://bipin.tk

Zeroth law of security: The possibility of poking a system from lower
privilege is zero unless & until there is possibility of direct,
indirect or consequential communication between the two...
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PDF's unsafe?

[Martin Pitt]

Hi!

Geo. [2005-09-21 11:34 -0400]:
> Haven't any of the security firms checked out adobe pdf reader to see if
> it's safe? It took 5 minutes to create this nonsense
> http://www.nthelp.com/test.pdf and that's just using the standard features.
> I hate to think what a real hacker could do with a pdf.

http://folk.uio.no/gisle/trap.html might be an interesting read for
those interested in this topic. :-)

Martin
-- 
Martin Pitt  http://www.piware.de
Ubuntu Developer   http://www.ubuntulinux.org
Debian Developerhttp://www.debian.org
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PDF's unsafe?

[Alex]

Embedded executable attachments - could be any type.

Adobe (Reader from version 6 & full version from version 5) allows to open

and execute them manually.

Adobe built-in JavaScript and auto events do not allow execute the
attachments

(at least from my tries, somebody could be more successful)



Alex

- Original Message - 
From: "Geo." <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, September 21, 2005 12:29 PM
Subject: RE: [Full-disclosure] PDF's unsafe?


> >> and I know it doesn't run javascript or allow
> executable attachments in PDF's, like Adobe's does.<<
>
> Executable attachments? How?
>
> Geo.
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

RE: [Full-disclosure] PDF's unsafe?

[y0himba]

I have been using Brava reader.  Real nice and fast,good feature set,
someone should check it out :)
www.bravaviewer.com/reader.htm 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Micheal
Espinola Jr
Sent: Wednesday, September 21, 2005 11:54 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] PDF's unsafe?

I'm a win32 guy, so I've been using Foxit Reader
<http://www.foxitsoftware.com/pdf/rd_intro.php>.  Its free, 4.5mb total, and
is a stand-alone applications that doesn't require an install.

I keep it on my thumb drive with my other utils.  I've been using it for a
couple of months now with no issues reading or printing PDF's.

On 9/21/05, Andrew Haninger <[EMAIL PROTECTED]> wrote:
> On 9/21/05, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote:
> > I dont use the official Adobe reader any more for his reason and more.
> What do you use?
>
> Are there good, secure/safe viewers available for Windows? Linux?
>
> On Linux. I've used xpdf and gpdf. Neither was perfect but they tended 
> to get the job done. For example, I recently made a .PS with AbiWord 
> on Linux and then used ps2pdf to make it into a PDF. gpdf opens it but 
> it's blank. Probably a fonts or CUPS issue.
>
> Adobe's viewer is pretty darn reliable.
>
> -Andy
>


--
ME2  <http://www.santeriasys.net/>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PDF's unsafe?

[Matthew Murphy]

-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160

Geo. wrote:

|>> and I know it doesn't run javascript or allow
|
| executable attachments in PDF's, like Adobe's does.<<
|
| Executable attachments? How?
|
| Geo.

Not sure exactly how you go about adding them to documents, but Zulu's
PDF worm broke the ice on this subject back in 2001:

http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]

Zulu's PDF worm only functions in the Full Acrobat, which is a
blessing, but I'd bet something similar is possible with the
JavaScript support in the Adobe Reader.  I don't have the ability to
create such full-featured PDFs, but it's fairly obvious that PDFs are
a little too "rich" for a simple document format.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDMYzffp4vUrVETTgRA4BNAJ4uUc8voYrJdp4DW2UW0vrlGUV5ewCglljP
tudxmJiyKGTZj/NInr4jclo=
=NWT1
-END PGP SIGNATURE-



smime.p7s
Description: S/MIME Cryptographic Signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PDF's unsafe?

[Micheal Espinola Jr]

Go check it out.  Attachments in PDF's have been a "feature" for a
couple versions now.

I mean executable attachments, as in files that can be immediately
executed without any decompression or manual loading into an
application.  With Adobe, there is no administratively controllable
criteria against what can be attached or run after it is received by
the end-user.

Your mail server AV may bock executable attachments (.exe's, .bat,
etc), but do you allow .PDF's?   Well, executable attachments can be
IN your .PDF's.  Does you AV scan for that as well?


On 9/21/05, Geo. <[EMAIL PROTECTED]> wrote:
> >> and I know it doesn't run javascript or allow
> executable attachments in PDF's, like Adobe's does.<<
>
> Executable attachments? How?
>
> Geo.
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


--
ME2  
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

RE: [Full-disclosure] PDF's unsafe?

[Geo.]

>> and I know it doesn't run javascript or allow
executable attachments in PDF's, like Adobe's does.<<

Executable attachments? How?

Geo.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PDF's unsafe?

[Micheal Espinola Jr]

Yea, the jury is still out on exactly how secure FoxIt Reader might be
- but for now its the best alternative I can find.  It doesn't have
any of the bells and whistles that I don't need or want in a PDF
reader anyway, and I know it doesn't run javascript or allow
executable attachments in PDF's, like Adobe's does.


On 9/21/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> yep foxit is really good near the too heavy adobe :)
> but about foxit security , I doesn't bet it's safer than acrobat..
>
> -Message d'origine-
> De: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] De la part de Micheal
> Espinola Jr
> Envoyé: mercredi 21 septembre 2005 17:54
> À: full-disclosure@lists.grok.org.uk
> Objet: Re: [Full-disclosure] PDF's unsafe?
>
> I'm a win32 guy, so I've been using Foxit Reader
> <http://www.foxitsoftware.com/pdf/rd_intro.php>.  Its free, 4.5mb
> total, and is a stand-alone applications that doesn't require an
> install.
>
> I keep it on my thumb drive with my other utils.  I've been using it
> for a couple of months now with no issues reading or printing PDF's.
>
> On 9/21/05, Andrew Haninger <[EMAIL PROTECTED]> wrote:
> > On 9/21/05, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote:
> > > I dont use the official Adobe reader any more for his reason and more.
> > What do you use?
> >
> > Are there good, secure/safe viewers available for Windows? Linux?
> >
> > On Linux. I've used xpdf and gpdf. Neither was perfect but they tended
> > to get the job done. For example, I recently made a .PS with AbiWord
> > on Linux and then used ps2pdf to make it into a PDF. gpdf opens it but
> > it's blank. Probably a fonts or CUPS issue.
> >
> > Adobe's viewer is pretty darn reliable.
> >
> > -Andy
> >
>
>
> --
> ME2  <http://www.santeriasys.net/>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>


--
ME2  <http://www.santeriasys.net/>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

RE: [Full-disclosure] PDF's unsafe?

[ad]

yep foxit is really good near the too heavy adobe :)
but about foxit security , I doesn't bet it's safer than acrobat..

-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Micheal
Espinola Jr
Envoyé : mercredi 21 septembre 2005 17:54
À : full-disclosure@lists.grok.org.uk
Objet : Re: [Full-disclosure] PDF's unsafe?

I'm a win32 guy, so I've been using Foxit Reader
<http://www.foxitsoftware.com/pdf/rd_intro.php>.  Its free, 4.5mb
total, and is a stand-alone applications that doesn't require an
install.

I keep it on my thumb drive with my other utils.  I've been using it
for a couple of months now with no issues reading or printing PDF's.

On 9/21/05, Andrew Haninger <[EMAIL PROTECTED]> wrote:
> On 9/21/05, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote:
> > I dont use the official Adobe reader any more for his reason and more.
> What do you use?
>
> Are there good, secure/safe viewers available for Windows? Linux?
>
> On Linux. I've used xpdf and gpdf. Neither was perfect but they tended
> to get the job done. For example, I recently made a .PS with AbiWord
> on Linux and then used ps2pdf to make it into a PDF. gpdf opens it but
> it's blank. Probably a fonts or CUPS issue.
>
> Adobe's viewer is pretty darn reliable.
>
> -Andy
>


--
ME2  <http://www.santeriasys.net/>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PDF's unsafe?

[Micheal Espinola Jr]

I'm a win32 guy, so I've been using Foxit Reader
.  Its free, 4.5mb
total, and is a stand-alone applications that doesn't require an
install.

I keep it on my thumb drive with my other utils.  I've been using it
for a couple of months now with no issues reading or printing PDF's.

On 9/21/05, Andrew Haninger <[EMAIL PROTECTED]> wrote:
> On 9/21/05, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote:
> > I dont use the official Adobe reader any more for his reason and more.
> What do you use?
>
> Are there good, secure/safe viewers available for Windows? Linux?
>
> On Linux. I've used xpdf and gpdf. Neither was perfect but they tended
> to get the job done. For example, I recently made a .PS with AbiWord
> on Linux and then used ps2pdf to make it into a PDF. gpdf opens it but
> it's blank. Probably a fonts or CUPS issue.
>
> Adobe's viewer is pretty darn reliable.
>
> -Andy
>


--
ME2  
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PDF's unsafe?

[Brent Colflesh]

Andrew Haninger wrote:

On 9/21/05, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote:


I dont use the official Adobe reader any more for his reason and more.


What do you use?

Are there good, secure/safe viewers available for Windows?


I use GSView:

http://www.cs.wisc.edu/~ghost/gsview/

Regards,
Brent
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PDF's unsafe?

[Andrew Haninger]

On 9/21/05, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote:
> I dont use the official Adobe reader any more for his reason and more.
What do you use?

Are there good, secure/safe viewers available for Windows? Linux?

On Linux. I've used xpdf and gpdf. Neither was perfect but they tended
to get the job done. For example, I recently made a .PS with AbiWord
on Linux and then used ps2pdf to make it into a PDF. gpdf opens it but
it's blank. Probably a fonts or CUPS issue.

Adobe's viewer is pretty darn reliable.

-Andy
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PDF's unsafe?

[Micheal Espinola Jr]

As you peer into the modern extended functionality of Adobe PDF's you
are going to find even worse than a javascript.

I dont use the official Adobe reader any more for his reason and more.

On 9/21/05, Geo. <[EMAIL PROTECTED]> wrote:
> Haven't any of the security firms checked out adobe pdf reader to see if
> it's safe? It took 5 minutes to create this nonsense
> http://www.nthelp.com/test.pdf and that's just using the standard features.
> I hate to think what a real hacker could do with a pdf.
>
> Geo.
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


--
ME2  
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] PDF's unsafe?

[Geo.]

Haven't any of the security firms checked out adobe pdf reader to see if
it's safe? It took 5 minutes to create this nonsense
http://www.nthelp.com/test.pdf and that's just using the standard features.
I hate to think what a real hacker could do with a pdf.

Geo.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/