Solved

Embed Malicious code within a PDF document

Posted on 2006-07-04
Last Modified: 2008-03-17
Hello,

I work for a security company who currently works with a lot of pdf documents.  I have heard that it is possible to embed malicious code within a pdf document.  I really would like more information on this topic and a sample pdf document that launches some type of reverse shell or command prompt.  If you could possibly tell me about a program that you could edit pdf code through and tell me how it works or show me where to find a sample document to download that would be great.  I would like a sample so I can attempt to send it through our systems and see if our systems will block the file.

Thanks!
0
Comment
Question by:neilsav
9 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 672 total points
ID: 17038143
0
 
LVL 38

Expert Comment

by:lherrou
ID: 17038301
neilsav,

To the best of my knowledge, there's been very little in the way of PDF exploits found in the wild (maybe Peachy?). There are a number of "proof-of-concepts" out there, which can be found and tested. In general, as Acrobat and the PDF format become more advanced, with greater capabilities (such as JavaScript and embedded executables), there comes a greater range of hazards (from VBS and JS to buffer overflows in the browser plugin). Traditionally, PDF files were not well-scrutinized by anti-virus programs. One way to assist in the detection process is to run a virus scanner which scans any files run or executed (as opposed to scanning files only when received or as stored).

LHerrou
0
 
LVL 1

Author Comment

by:neilsav
ID: 17038513
I know that there are tools that do insert code... To prevent this type of activity we block PDF code that includes action launch, action javascript, etc.

Thanks for the above comments but they do not fulfill my request.
0
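
The kind of content filter the author comment above describes (blocking PDFs that carry launch or JavaScript actions), as an added Python example that is not code from the thread or from any poster. The function names, the sample byte strings and the extra /OpenAction, /AA and /ObjStm checks are assumptions made for the illustration; name tokens are decoded from their #xx escapes before matching, so a name written with escapes is still compared against the block list.

```python
import re

# Names taken from the comment above (launch and JavaScript actions).
BLOCK = {"Launch", "JavaScript", "JS"}
# Assumption: automatic-action triggers worth reporting, not blocking on their own.
TRIGGER = {"OpenAction", "AA"}
# Assumption: object streams hide dictionaries from a raw byte scan.
OPAQUE = {"ObjStm"}

# A PDF name is "/" followed by anything up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Return {name: count} for every watched name token in raw PDF bytes."""
    watched = BLOCK | TRIGGER | OPAQUE
    hits = {}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(1))
        if name in watched:
            hits[name] = hits.get(name, 0) + 1
    return hits


def verdict(data: bytes) -> str:
    """block: action name visible; deep-scan: decompress first; else allow."""
    hits = scan_pdf(data)
    if BLOCK & hits.keys():
        return "block"
    if OPAQUE & hits.keys():
        return "deep-scan"
    return "allow"


# Constructed fragments (not real documents), one per case the filter must handle.
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
PLAIN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
         b"3 0 obj\n<< /S /JavaScript /JS (constructed placeholder) >>\nendobj\n")
ESCAPED = b"3 0 obj\n<< /S /J#61vaScript /J#53 (constructed placeholder) >>\nendobj\n"
PACKED = b"%PDF-1.5\n5 0 obj\n<< /Type /ObjStm /N 1 /First 4 /Length 0 >>\nendobj\n"
```

The matcher also counts names that happen to appear inside literal strings, so for a gateway it errs toward blocking rather than toward missing an action.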
 
LVL 38

Assisted Solution

by:lherrou
lherrou earned 664 total points
ID: 17039410
Well, as Tolomir points out, we are not going to be able to lead you to something that may be used maliciously.

Your best bet would be to get the Adobe Software Development Kit (SDK) at: http://partners.adobe.com/public/developer/acrobat/sdk/index.html.
0
 
LVL 44

Assisted Solution

by:Karl Heinz Kremer
Karl Heinz Kremer earned 664 total points
ID: 17041695
You have to look at two different scenarios: Embedding code in a PDF file (that means via JavaScript) and exploiting a vulnerability in Acrobat or Reader.

You can take a look at the JavaScript Reference Guide to verify that Adobe designed the JS interface with security in mind (to such an extent, that people are asking Adobe to not do certain things, e.g. putting up a warning label on every dialog that gets created via JavaScript). There is nothing in Acrobat's implementation of JavaScript that could be used to harm your system. Of course it depends on what your definition of malicious code is... You could probably create a form that you use for phishing. But IMHO that's not a problem with Acrobat or PDF.

The second scenario is impossible to quantify because we don't know what type of potential problems are in Acrobat or Reader. That's not different than running any other application and has nothing to do with PDF. I would be (actually, I am) much more concerned with MS Office documents than with PDF files. I work a lot with PDF and I have yet to see one file that is carrying malicious code in it, but I have seen lots of Word documents with macro viruses.

Again, verify for yourself that PDF files are safe by reviewing the Adobe API documentation: http://partners.adobe.com/public/developer/pdf/topic_js.html
0
