[Infowarrior] - More on...Is it time to consider PDF a threat?

Richard Forno rforno at infowarrior.org
Wed Feb 13 12:56:09 UTC 2008


---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>


: Is it time to consider PDF a threat?
: : By Joel Hruska | Published: February 12, 2008 - 02:05PM CT
: : 
http://arstechnica.com/news.ars/post/20080212-is-it-time-to-consider-pdf-a-t
: hreat.html

Article references and somewhat based on:

http://www.symantec.com/enterprise/security_response/weblog/2008/02/pidief_a
_byword_for_0day_explo.html

Pidief, the Word for Exploits?
Posted by Hon Lau on February 9, 2008 09:31 AM
: The attack has raised some questions regarding the security of the PDF :
standard‹Symantec researcher Hon Lau discusses the relevant PDF :
vulnerability 
in his blog before rhetorically asking: "With more and : more of these
attacks 
happening, how much longer will it be before : people implicitly attach a
higher risk association to PDF files and : avoid them altogether?"

: : To answer his question, some of us already do. While there's not a whole
: 
lot of evidence suggesting that the PDF standard is under concerted :
attack, 
there mere existence of these exploits affects perception of : them, and
Adobe 
is doing itself no favors.
In case it wasn't rhetorical, and in case everyone else isn't aware, PDF
documents are just as vulnerable as any other popular format these days.
According to OSVDB, a sampling:

41495 2008-02-07 Adobe Reader / Acrobat Unspecified JavaScript Methods
Multiple Unspecified Overflows 41494 2008-02-07 Adobe Reader / Acrobat
EScript.api Plug-in Crafted PDF Arbitrary Code Execution
41492 2008-02-05 Adobe Reader / Acrobat Multiple Unspecified Issues
35872 2007-03-07 Adobe Acrobat Reader AcroPDF.DLL Crafted .pdf URL
Remote DoS 33897 2007-02-28 Adobe Reader PDF file:// URI Arbitrary
File Access
32871 2007-01-17 Multiple Product Adobe PDF Specification Invalid Tree
Node DoS 32870 2007-01-17 Multiple Product Adobe PDF Specification
Malformed Catalog Dictionary DoS
31596 2007-01-03 Adobe Acrobat Reader Plugin PDF URL Memory Corruption
DoS
31056 2006-12-27 Adobe Acrobat Reader Browser Plug-in for MSIE Malformed
PDF Request DoS
31048 2006-12-27 Adobe Acrobat Reader Browser Plug-in PDF Handling
Memory Corruption 31046 2006-12-27 Adobe Acrobat Reader Browser Plug-in
PDF XSS 31047 2006-12-27 Adobe Acrobat Reader Browser Plug-in PDF CSRF
[..]

Apparently, security professionals were not taken seriously 15+ years ago
when they warned not to open untrusted attachments (meaning ANY kind) from
strangers. Word, Excel, PowerPoint, GIF, JPG, PDF .. doesn't matter. You
double-click to open, you probably deserve what you get, unless you were one
of the handful bitching at these vendors to deliver secure products.




More information about the Infowarrior mailing list