Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

List All Open Ports and Stop the Services Behind Them

LXer Features

My Linux Laptop

Laptop Dual Boot Project: Part 2

Laptop Dual Boot Project

Lenovo Laptop Love..Not!

Attempting to install Linux on a new laptop, a follow-up

Attempting to install Linux on a new laptop

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

Seems like Sparky KDE 2024.05 has KVM Hypervisor setup broken

Wrong headline

Uhhh

this time, it's an ad

Calamares 3.3.5 vs Ubuntu 24.04 Desktop installer

Virt-manager vs Cockpit Web Console on Fedoras 40 Beta,39,38 and other Linux Flavors

KDE Plasma 6.0.2 on Manjaro Testing branch

Wonderfull app

How to contact editorial board of Lxer.com in private ?

LOL

More...

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

Hacker finds a way to exploit PDF files, without a vulnerability

Posted by tracyanne on Apr 1, 2010 4:03 AM EDT
ZDNet; By Ryan Naraine

Mail this story
Print this story

A security researcher has managed to create a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities.

Although PDF viewers like Adobe Reader and Foxit Reader doesn’t allow embedded executables (like binaries and scripts) to be extracted and executed, Stevens discovered another way to launch a command (/Launch /Action), and ultimately run an executable he embedded using a special technique.

Stevens said Adobe’s PDF Reader will block the file from automatically opening but he warned that an attacker could use social engineering tricks to get users to allow the file to be opened.

With Foxit Reader, there is no warning whatsoever:

Full Story

Nav

» Read more about:

« Return to the newswire homepage

Subject	Topic Starter	Replies	Views	Last Post
The exploit appears to be an exploit of the PDF standard	tracyanne	18	1,134	Apr 1, 2010 6:36 PM

You cannot post until you login.

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software