Didier Stevens

Thursday 29 April 2010

Update: PDFiD Version 0.0.11 to Detect /Launch

Filed under: My Software,PDF,Update — Didier Stevens @ 10:11

Now that malicious PDFs using the /Launch action become more prevalent, I release a new PDFiD version to detect (and disarm) the /Launch action.

7 Comments »

  1. Thanks Didier!

    Unix folks—run it through dos2unix to get it to run using the shebang instead of needing ‘python ./pdfid.py’.

    Comment by Grant Stavely — Thursday 29 April 2010 @ 14:51

  2. @Grant Stavely That’s an error, normally my PDF tools are saved as Unix text. I’ll fix it. I fixed it.

    Comment by Didier Stevens — Thursday 29 April 2010 @ 15:01

  3. [...] It’s worth noting here, that while Adobe hasn’t changed their software in response to the /LAUNCH issue, they did issue guidance for how you could limit or block the feature if you wish. also, Stevens recently modified his PDFID utility to identify PDFs which employ the /LAUNCH feature. [...]

    Pingback by PDF Exploits Bloom in the Spring- The Hackers Edge — Sunday 2 May 2010 @ 2:04

  4. [...] It’s worth noting here, that while Adobe hasn’t changed their software in response to the /LAUNCH issue, they did issue guidance for how you could limit or block the feature if you wish. also, Stevens recently modified his PDFID utility to identify PDFs which employ the /LAUNCH feature. [...]

    Pingback by Macintosh Stuff – iPhone – Macbook – Brasil — Monday 17 May 2010 @ 18:00

  5. peace

    whene execute it, i get this:

    File “E:\pdfid.py”, line 272
    print ‘/%s -> /%s’ % (HexcodeName2String(wordExact), wordExactSwapped)
    ^
    SyntaxError: invalid syntax

    Comment by marouane — Saturday 18 September 2010 @ 10:04

  6. @marouane What version of Python are you using? If you are using 3.X, move to 2.6.

    Comment by Didier Stevens — Saturday 18 September 2010 @ 15:25

  7. yes.. that’s right, i use the 3 version
    now i donwload the 2.6 version, and it’s work fine (i must learn some thing about Py :-) )

    thank you very mach :)

    Comment by marouane — Sunday 19 September 2010 @ 14:34


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 227 other followers

%d bloggers like this: