Solved

Embed Malicious code within a PDF document

Posted on 2006-07-04
Last Modified: 2008-03-17
Hello,

I work for a security company that currently works with a lot of PDF documents. I have heard that it is possible to embed malicious code within a PDF document. I really would like more information on this topic and a sample PDF document that launches some type of reverse shell or command prompt. If you could possibly tell me about a program that you could edit PDF code through and tell me how it works or show me where to find a sample document to download that would be great. I would like a sample so I can attempt to send it through our systems and see if our systems will block the file.

Thanks!
0
Comment
Question by:neilsav
9 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 168 total points
ID: 17038143
0
 
LVL 38

Expert Comment

by:lherrou
ID: 17038301
neilsav,

To the best of my knowledge, there's been very little in the way of PDF exploits found in the wild (maybe Peachy?). There are a number of "proof-of-concepts" out there, which can be found and tested. In general, as Acrobat and the PDF format become more advanced and gain greater capabilities (such as JavaScript and embedded executables), there comes a greater range of hazards (from VBS and JS to buffer overflows in the browser plugin). Traditionally, PDF files were not well-scrutinized by anti-virus programs. One way to assist in the detection process is to run a virus scanner which scans any files run or executed (as opposed to scanning files only when received or as stored).

LHerrou
0
 
LVL 1

Author Comment

by:neilsav
ID: 17038513
I know that there are tools that do insert code... To prevent this type of activity we block PDF code that includes action launch, action javascript, etc.

Thanks for the above comments but they do not fulfill my request.
0
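The filtering approach described in the comment above (blocking PDFs whose code includes launch or JavaScript actions), sketched as an added example that is not part of the original thread: it normalizes `#xx`-escaped names and looks inside Flate-compressed object streams, both of which a plain substring match misses. The extra flagged names, the sample bytes and all function names are assumptions of this example.

```python
import re
import zlib
from collections import Counter

# /Launch and /JavaScript are the actions named in the comment above; the
# other names are assumptions added for this example.
RISKY_NAMES = {"Launch", "JavaScript", "JS", "OpenAction", "AA", "EmbeddedFile"}

# A PDF name is "/" followed by characters that are not whitespace or delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Simplification: assumes a flat object-stream dictionary with /Type listed first.
OBJSTM_RE = re.compile(rb"/Type\s*/ObjStm\b[^>]*>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)

def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def inflated_object_streams(data: bytes):
    """Yield the decompressed body of each Flate-compressed object stream."""
    for match in OBJSTM_RE.finditer(data):
        try:
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data, or corrupt: nothing to inspect

def scan_pdf(data: bytes) -> Counter:
    """Count risky names in the raw bytes and inside object streams."""
    hits = Counter()
    for blob in (data, *inflated_object_streams(data)):
        for match in NAME_RE.finditer(blob):
            name = normalize_name(match.group(1))
            if name in RISKY_NAMES:
                hits[name] += 1
    return hits

def verdict(data: bytes) -> str:
    if not data.lstrip().startswith(b"%PDF-"):
        return "not-pdf"
    return "block" if scan_pdf(data) else "allow"

# Constructed sample fragments (not real documents).
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
ESCAPED = b"%PDF-1.4\n3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n"
_body = zlib.compress(b"7 0 << /S /Launch /F (x) >>")
PACKED = (b"%PDF-1.5\n5 0 obj\n<< /Type /ObjStm /N 1 /First 4 /Filter "
          b"/FlateDecode >>\nstream\n" + _body + b"\nendstream\nendobj\n")
```

Encrypted documents and stream filters other than Flate are not handled here; a gateway filter should treat a PDF it cannot fully parse as suspect rather than clean.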
 
LVL 38

Assisted Solution

by:lherrou
lherrou earned 166 total points
ID: 17039410
Well, as Tolomir points out, we are not going to be able to lead you to something that may be used maliciously.

Your best bet would be to get the Adobe Software Development Kit (SDK) at: http://partners.adobe.com/public/developer/acrobat/sdk/index.html.
0
 
LVL 44

Assisted Solution

by:Karl Heinz Kremer
Karl Heinz Kremer earned 166 total points
ID: 17041695
You have to look at two different scenarios: Embedding code in a PDF file (that means via JavaScript) and exploiting a vulnerability in Acrobat or Reader.

You can take a look at the JavaScript Reference Guide to verify that Adobe designed the JS interface with security in mind (to such an extent that people are asking Adobe to not do certain things, e.g. putting up a warning label on every dialog that gets created via JavaScript). There is nothing in Acrobat's implementation of JavaScript that could be used to harm your system. Of course it depends on what your definition of malicious code is... You could probably create a form that you use for phishing. But IMHO that's not a problem with Acrobat or PDF.

The second scenario is impossible to quantify because we don't know what type of potential problems are in Acrobat or Reader. That's no different than running any other application and has nothing to do with PDF. I would be (actually, I am) much more concerned with MS Office documents than with PDF files. I work a lot with PDF and I have yet to see one file that is carrying malicious code in it, but I have seen lots of Word documents with macro viruses.

Again, verify for yourself that PDF files are safe by reviewing the Adobe API documentation: http://partners.adobe.com/public/developer/pdf/topic_js.html
0
