Malicious URI resolving in PDF documents

PDF (Portable Document Format) is now used very frequently, especially by companies and increasingly by ordinary users. This helps explain the growing interest of cybercriminals in this attack vector. PDF is also often considered safer than other document formats, such as those of Microsoft Office. Given the many possibilities the format offers, it is worth asking how much trust such a document should be given. Indeed, HTTP (Hypertext Transfer Protocol) requests issued from a PDF allow arbitrary code to be executed outside the PDF, for example JavaScript in Internet Explorer. This still works despite the updates from Adobe, and it remains a pretty good open door to malicious actions. The purpose of this paper is to show that the simple use of an HTTP request from a PDF can be a pretty good vector for an attacker. The paper also discusses how relatively easy it can be to reuse vulnerabilities from outside the document. In addition, we will see that it is possible to call an external PDF from another PDF, which can allow the attacker to adapt the attack by learning the victim's Adobe software version even before launching any malicious PDF. This security problem is not new, but this article aims to show in detail how an attacker could mount the attack.