Comments on: Don’t Open That Doc! http://hackademix.net/2007/09/20/dont-open-that-doc/ Giorgio Maone's answers to the Web, the Universe, and Everything Tue, 02 Dec 2008 12:38:16 +0000 http://wordpress.org/?v=2.2.3 By: Tom Hamilton http://hackademix.net/2007/09/20/dont-open-that-doc/#comment-7572 Tom Hamilton Fri, 04 Apr 2008 20:07:15 +0000 http://hackademix.net/2007/09/20/dont-open-that-doc/#comment-7572 Dear Giorgio, I have a apple computer, with the "tiger system" will no script work with it and is it necessary (are there javascript problems that will affect my computer?) thanks for your time. Dear Giorgio,
I have a apple computer, with the “tiger system” will no script work with it and is it necessary (are there javascript problems that will affect my computer?)
thanks for your time.

]]> By: securology http://hackademix.net/2007/09/20/dont-open-that-doc/#comment-421 securology Fri, 21 Sep 2007 09:55:50 +0000 http://hackademix.net/2007/09/20/dont-open-that-doc/#comment-421 <strong>Still more separation of code and data</strong> Separating code from data is a HUGE problem (possibly a root of all remote code execution evil). Here's more info, some of it new, some of it very old ... Still more separation of code and data

Separating code from data is a HUGE problem (possibly a root of all remote code execution evil). Here’s more info, some of it new, some of it very old …

]]> By: Giorgio http://hackademix.net/2007/09/20/dont-open-that-doc/#comment-420 Giorgio Fri, 21 Sep 2007 08:33:11 +0000 http://hackademix.net/2007/09/20/dont-open-that-doc/#comment-420 @<b>nap</b>: "Proper" PDF spam is a well known trend, <a href="http://www.sophos.com/pressoffice/news/articles/2007/08/pdf-spam.html" target="_blank" rel="nofollow external" rel="nofollow">apparently declining these days</a>, not necessarily an infestation vector. Nevertheless, PDF as a malware vehicle is quite <a href="http://www.news.com/New-virus-travels-in-PDF-files/2100-1001_3-271267.html" target="_blank" rel="external nofollow" rel="nofollow">old news</a>, so malicious mail with an attachment exploiting either an old or a new PDF vulnerability wouldn't come as a big surprise. @nap:
“Proper” PDF spam is a well known trend, apparently declining these days, not necessarily an infestation vector.
Nevertheless, PDF as a malware vehicle is quite old news, so malicious mail with an attachment exploiting either an old or a new PDF vulnerability wouldn’t come as a big surprise.

]]> By: nap http://hackademix.net/2007/09/20/dont-open-that-doc/#comment-418 nap Fri, 21 Sep 2007 07:07:37 +0000 http://hackademix.net/2007/09/20/dont-open-that-doc/#comment-418 I've been getting spam as pdf files. Didn't open them because i guessed there was some virus in them (why else would you spam with pdfs?). If you want I can maybe recover some if you want to dissect them. I’ve been getting spam as pdf files. Didn’t open them because i guessed there was some virus in them (why else would you spam with pdfs?). If you want I can maybe recover some if you want to dissect them.

]]> By: Giorgio http://hackademix.net/2007/09/20/dont-open-that-doc/#comment-417 Giorgio Fri, 21 Sep 2007 06:49:38 +0000 http://hackademix.net/2007/09/20/dont-open-that-doc/#comment-417 The video and the few details Petko added <a href="http://http://www.gnucitizen.org/blog/0day-pdf-pwns-windows#comment-51015" target="_blank" rel="nofollow external" rel="nofollow">in this comment</a> and later, may suggest that <ol> <li>We're still in the cross-application request forgery domain, since <strong>it requires IE7</strong></li> <li>It shouldn't work on Vista (nor on any non-Windows OS, of course -- worth to be said for all those Microsoft zealots out there)</li> <li>It should be mitigated by using an alternate PDF renderer, such as <a href="http://portableapps.com/apps/office/sumatra_pdf_portable" target="_blank" rel="nofollow external" rel="nofollow">Sumatra PDF Portable</a> (open source) or <a href="http://www.foxitsoftware.com/pdf/rd_intro.php" target="_blank" rel="nofollow external" rel="nofollow">Foxit Reader</a></li> </ol> The video and the few details Petko added in this comment and later, may suggest that

  1. We’re still in the cross-application request forgery domain, since it requires IE7
  2. It shouldn’t work on Vista (nor on any non-Windows OS, of course — worth to be said for all those Microsoft zealots out there)
  3. It should be mitigated by using an alternate PDF renderer, such as Sumatra PDF Portable (open source) or Foxit Reader
]]> By: Fulippo http://hackademix.net/2007/09/20/dont-open-that-doc/#comment-415 Fulippo Fri, 21 Sep 2007 06:16:53 +0000 http://hackademix.net/2007/09/20/dont-open-that-doc/#comment-415 "My advise for you is not to open any PDF files (locally or remotely)." I think that adobe wouldn't agree with him.. ;) As always, noScript seems to be the all-in-one solution for a web safe navigation but it can't be useful in a non-web contest where pdfs are often used. I would be curious to know what kind of vulnerability the pdf can use.. or maybe it's just a personal quest against Adobe? “My advise for you is not to open any PDF files (locally or remotely).”
I think that adobe wouldn’t agree with him.. ;)
As always, noScript seems to be the all-in-one solution for a web safe navigation but it can’t be useful in a non-web contest where pdfs are often used.
I would be curious to know what kind of vulnerability the pdf can use.. or maybe it’s just a personal quest against Adobe?

]]>