Now PDF's turn to be vulnerable

Started Feb 14, 2013 | Discussions thread
AxelR
Re: Now PDF's turn to be vulnerable
In reply to malch, Feb 19, 2013

malch wrote:

abelits wrote:

malch wrote:

Sean Nelson wrote:

One thing I never hear about is whether the third-party PDF readers such as Foxit, Nitro, etc. are also vulnerable to these regularly occurring threats.

I imagine the vulnerabilities are similar but there are far fewer exploits.

No.

Adobe is special in this way.

Oh c'mon. Care to substantiate that claim?

PDF is basically a container format and the files can contain many different object types including those with active/executable content.

It's inconceivable that third party readers are completely immune to such vulnerabilities.

The truth is we don't know. The most typical attack vector is an unchecked buffer, opening the door for stack memory overwrite, which in turn opens the door to execute code in the user's context without his knowledge.

This type of vulnerability is well known, and new code, in particular managed code like .net, if crafted with security in mind from the start, is much less prone to those issues than (potentially very) old, pre-internet code bases like Acrobat, so it is not stupid to say that modern code has fewer exploit opportunities.

And don't get me started on Photoshop plugins, an open door to code execution for anyone that can write a file to disk. In fact most plugin-extensible apps are potential attack vectors as they will usually happily load and call into anything that looks like one of their plugins.

Besides that, I think that the term "zero day" is overrated: originally a zero-day exploit was used to designate the successful compromising of a given software or system on the very day of its release, meaning that zero days elapsed between the release and the exploit. I don't think this is the case here, but zero-day probably sounds cooler than just exploit.

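The unchecked-buffer pattern described in the post above, shown next to its bounds-checked form, as an added example that is not part of the original thread. The one-byte-length record layout, the function names and the sample records are constructed for illustration and are not a real PDF structure.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 32

/* Constructed record layout (hypothetical, not a real PDF structure):
 * byte 0 is the declared name length N, bytes 1..N are the name. */

/* Unchecked form, for contrast only: the length byte comes from the file,
 * so any value of 32 or more writes past `name` into adjacent stack memory. */
size_t name_len_unchecked(const uint8_t *rec)
{
    char name[NAME_BUF];
    size_t n = rec[0];
    memcpy(name, rec + 1, n);
    name[n] = '\0';
    return strlen(name);
}

/* Checked form: reject the record unless the declared length fits both the
 * destination buffer (with terminator) and the bytes actually present. */
int name_len_checked(const uint8_t *rec, size_t rec_len, size_t *out)
{
    char name[NAME_BUF];
    if (rec == NULL || out == NULL || rec_len < 1)
        return -1;
    size_t n = rec[0];
    if (n >= sizeof name)      /* would overflow the stack buffer */
        return -1;
    if (n > rec_len - 1)       /* would read past the end of the input */
        return -1;
    memcpy(name, rec + 1, n);
    name[n] = '\0';
    *out = strlen(name);
    return 0;
}

/* Constructed sample inputs. */
static const uint8_t REC_OK[] = { 5, 'T', 'i', 't', 'l', 'e' };
static const uint8_t REC_SHORT[] = { 10, 'a', 'b', 'c' };  /* claims 10, has 3 */

int main(void)
{
    size_t len = 0;
    int rc = name_len_checked(REC_OK, sizeof REC_OK, &len);
    printf("ok=%d len=%zu\n", rc, len);
    printf("short=%d\n", name_len_checked(REC_SHORT, sizeof REC_SHORT, &len));
    return 0;
}
```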