topic Re: The PDF is "Broken" in Threats

The PDF is "Broken"

AppDefects — Mon, 09 Oct 2023 09:47:22 GMT

Next time you open a PDF and nothing displays think again, you may have just be pawned into running a webserver.

PDF is at its core a container format that lets you encode arbitrary binary blobs that don’t even have to contribute to the document’s rendering. And those blobs can be stacked with an arbitrary number of encodings, some of which are bespoke features of PDF. To learn more about the threat check out "PDF is Broken: a justCTF Challenge".

Re: The PDF is "Broken"

Early_Adopter — Mon, 08 Feb 2021 16:08:37 GMT

Not the same thing, but this takes me back to 2008/9 when Adobe applications took over as the literal soft inviting underbelly of Windows as better coding, DEP, ASLR etc started to bite.

We had a memo from an authority requiring that we uninstall Acrobat and Acrobat Reader or, accept the risk. Naturally the implications were assessed, and risk was duly accepted.

I’m glad to say I haven’t seen Acrobat anywhere for some time... 🙂