| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Sep 21 17:40:32 2005 From: mattmurphy at kc.rr.com (Matthew Murphy) Subject: PDF's unsafe? -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Geo. wrote: |>> and I know it doesn't run javascript or allow | | executable attachments in PDF's, like Adobe's does.<< | | Executable attachments? How? | | Geo. Not sure exactly how you go about adding them to documents, but Zulu's PDF worm broke the ice on this subject back in 2001: http://securityresponse.symantec.com/avcenter/venc/data/vbs.peachypdf@mm.html Zulu's PDF worm only functions in the Full Acrobat, which is a blessing, but I'd bet something similar is possible with the JavaScript support in the Adobe Reader. I don't have the ability to create such full-featured PDFs, but it's fairly obvious that PDFs are a little too "rich" for a simple document format. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDMYzffp4vUrVETTgRA4BNAJ4uUc8voYrJdp4DW2UW0vrlGUV5ewCglljP tudxmJiyKGTZj/NInr4jclo= =NWT1 -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3436 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050921/ef0c9e85/smime.bin
Powered by blists - more mailing lists