Comments on: Update: Escape From PDF

By: How to protect from dangerous PDF files | Razmisljanja sistemca

How to protect from dangerous PDF files | Razmisljanja sistemca — Sun, 09 May 2010 01:00:33 +0000

[...] Most users think PDF format is highly secure document format, but in reality for some time now experts warn that this is not true anymore. PS: This is potential danger only in the Windows environment PPS: please application programmers to organize your applications that pdf file format can be opened by any reader, not just Adobe, which happens too often via Didier Stevens blog Update-escape-from-pdf [...]

By: Kako se zavarovati pred vse bolj nevarnimi PDF dokumenti | Razmišljanja sistemca | Reflections of sysadmin

Wed, 28 Apr 2010 06:38:16 +0000

[...] Didier Stevens blog Update-escape-from-pdf var a2a_config = a2a_config || {}; a2a_config.linkname="Kako se zavarovati pred vse bolj [...]

By: Jeremy Allen

Jeremy Allen — Tue, 13 Apr 2010 18:44:47 +0000

Didier: I hope you didn’t mind us taking a crack at it. I was able to get a pretty crude version of your idea working after listening to your podcast. I am really interested to see how you did things!

Check out the PoC I came up with at http://bit.ly/cR47tg

By: juza

juza — Tue, 13 Apr 2010 10:40:07 +0000

My download and execute PoC -> http://vimeo.com/10883643

By: Week 14 in Review – 2010 | Infosec Events

Week 14 in Review – 2010 | Infosec Events — Mon, 12 Apr 2010 08:39:55 +0000

[...] Update: Escape From PDF – didierstevens.com The interesting thing about this fix is that it breaks my Foxit PoC, but that the Adobe PoC works for Foxit now! [...]

By: yunsoul

yunsoul — Sat, 10 Apr 2010 06:40:46 +0000

I make a simple tool in order to disable the Adobe Reader’s Launch Action & JavaScript option.

=> http://blog.naver.com/happyme9/130084033060

By: Blog

Blog — Fri, 09 Apr 2010 23:36:04 +0000

To Catch a PDF Hacker, You Have To Think Like One…

Despite the improvements Adobe has developed for Acrobat and Reader, it’s still tough to stay on top of creative hackers who love to use the PDF. To that end, security researchers like Didier Stevens finds ways to hack into an application in ord…

By: earthsound

earthsound — Thu, 08 Apr 2010 19:23:26 +0000

@Fabricio: PDF-XChange Viewer is not “safe”, in that it supports the /Launch commmand.

Didier’s example PDF did not include a path. If it had, PDF-XChange Viewer would have opened the command prompt.

You can use notepad to edit his PDF and change cmd.exe to C:\\\\WINDOWS\\\\system32\\\\calc.exe and try opening it it PDF-XChange Viewer.

By: Fabricio Garcia

Fabricio Garcia — Thu, 08 Apr 2010 08:22:58 +0000

Thank you and thanks for your research…

By: Cumhur Kara

Cumhur Kara — Thu, 08 Apr 2010 07:54:35 +0000

Zemana also demonstrate download and exec poc based on yours poc.
http://blog.zemana.com/2010/04/escape-from-pdf-modified-by-zemana.html

Cumhur Kara (Turkey)