New Method Could Hide Malware In PDFs, No Further Exploits Needed 234
Trailrunner7 writes "A security researcher has managed to create a proof-of-concept PDF file that executes an embedded executable without exploiting any other security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file. With Adobe Reader, the only thing preventing execution is a warning. Disabling JavaScript will not prevent this."
Re:PDF-XChange (Score:4, Funny)
Do you always refer to yourself with the royal "we"?
Windows only again? (Score:1, Funny)
Poor Mac OS X and Linux users are left out again.
Re:Clever social engineering... (Score:5, Funny)
Re:PDF-XChange (Score:4, Funny)
I'm pretty sure a substantial minority of your eukaryotes actually prefer Adobe products.
The "we" you're using is just your corporeal ruling elite talking, Man! It's just another example of your neurons keepin' your connective cells and fat tissue down!
Hey Google, integrate this too! (Score:2, Funny)
Chrome integration of one buggy plugin deserves another, right?
Re:PDF-XChange (Score:4, Funny)
As Mark Twain once said, "Only kings, presidents, editors, and people with tapeworms have the right to use the editorial 'we.'"
Peter does not appear to be a king, is unlikely to be a president, and he's probably not an editor...
Re:PDF-XChange (Score:4, Funny)
To be fair, my fatty tissue is an ass, and my connective tissues jerk me around all the time.
Re:PDF-XChange (Score:4, Funny)
Worst security flaw of the decade (Score:3, Funny)
There is a command in the PDF language that says "execute the following command-line!" I thought having that ability in the scripting language was dumb. But it's actually available in the document description format? What possible purpose could that server? I don't want a message box added, or a security setting -- just remove that command entirely from the implementation!
How did this come about when they were designing the PDF format?
"Let's make it support bold, italic, underline, and execute."
One of the above does not fit with the others.
Re:PDF-XChange (Score:5, Funny)
Re:Sad (Score:3, Funny)
...I was thinking PoC meant Piece of Crap which I thought was redundant when referring to a PDF.
In my experience, the proper industry acronym is BFPoC, for Big Fat Piece of Crap, a term allegedly coined by one Artemus Clyde Frog.
Re:Sad (Score:4, Funny)
This is one reason open-source is generally better: when an open-source project is done, the developers leave it that way (unless any bugs are found), and go find something else productive to work on.
One word: Emacs.