Re: PDF's unsafe?

[Matthew Murphy <mattmurphy () kc rr com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Geo. wrote:

|>> and I know it doesn't run javascript or allow
|
| executable attachments in PDF's, like Adobe's does.<<
|
| Executable attachments? How?
|
| Geo.

Not sure exactly how you go about adding them to documents, but Zulu's
PDF worm broke the ice on this subject back in 2001:

http://securityresponse.symantec.com/avcenter/venc/data/vbs.peachypdf () mm html

Zulu's PDF worm only functions in the Full Acrobat, which is a
blessing, but I'd bet something similar is possible with the
JavaScript support in the Adobe Reader.  I don't have the ability to
create such full-featured PDFs, but it's fairly obvious that PDFs are
a little too "rich" for a simple document format.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDMYzffp4vUrVETTgRA4BNAJ4uUc8voYrJdp4DW2UW0vrlGUV5ewCglljP
tudxmJiyKGTZj/NInr4jclo=
=NWT1
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/