Announcements
Voting is now open!
Members, make your selections in the annual (ISC)² Board of Directors election. Vote Now! Voting is open until Sept. 22.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AppDefects
Community Champion

The PDF is "Broken"

Next time you open a PDF and nothing displays think again, you may have just be pawned into running a webserver.

 

PDF is at its core a container format that lets you encode arbitrary binary blobs that don’t even have to contribute to the document’s rendering. And those blobs can be stacked with an arbitrary number of encodings, some of which are bespoke features of PDF. To learn more about the threat check out "PDF is Broken: a justCTF Challenge".

1 Reply
Early_Adopter
Community Champion

Re: The PDF is "Broken"

Not the same thing, but this takes me back to 2008/9 when Adobe applications took over as the literal soft inviting underbelly of Windows as better coding, DEP, ASLR etc started to bite.

 

We had a memo from an authority requiring that we uninstall Acrobat and Acrobat Reader or, accept the risk. Naturally the implications were assessed, and risk was duly accepted.

 

I’m glad to say I haven’t seen Acrobat anywhere for some time... 🙂