Tuesday, April 6, 2010

Can You Give A Dog Meclizine

Falla PayPal.com

A hacker can find a way to exploit attack pdf files, without these being afflicted by some security flaw.

To do so, Didier Stevens has created a proof-of-concept
PDF
able to run a file embedded in it. The tricky part of this attack, is almost imminent, because the majority of PDF readers are not allowed to open embedded files (like binaries and scripts) and crashes, but Stevens has succeeded in its goal finding a way to launch a command prompt and run the embedded file without user interaction. In tests
Stevens with Foxit Reader, there is no warning, while Adobe Reader is the only impediment run file is a warning, which can be solved with a bit of healthy

social engineering. Remember that the above does not exploit any vulnerability within different reader, all you need is just a lot of imagination in which the specification of PDF during its creation.

Posted by admin at 12:33 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)