Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PDF's unsafe?

From: Micheal Espinola Jr <michealespinola () gmail com>
Date: Wed, 21 Sep 2005 12:38:30 -0400
Go check it out.  Attachments in PDF's have been a "feature" for a
couple versions now.

I mean executable attachments, as in files that can be immediately
executed without any decompression or manual loading into an
application.  With Adobe, there is no administratively controllable
criteria against what can be attached or run after it is received by
the end-user.

Your mail server AV may bock executable attachments (.exe's, .bat,
etc), but do you allow .PDF's?   Well, executable attachments can be
IN your .PDF's.  Does you AV scan for that as well?


On 9/21/05, Geo. <geoincidents () nls net> wrote:

and I know it doesn't run javascript or allow

executable attachments in PDF's, like Adobe's does.<<

Executable attachments? How?

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
ME2  <http://www.santeriasys.net/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: