Blog for hpHosts, and whatever else I feel like writing about ....

Friday 6 March 2009

PDF Vulnerability Now Exploitable With No Clicking

Sometimes a piece of malware can execute without even opening the file. As this is the case with the /JBIG2Decode vulnerability in PDF documents, I took the time to produce a short video showing 3 ways the vulnerability can trigger without even opening the PDF document.

The first 2 demos use a “classic” /JBIG2Decode PDF exploit; the third demo uses a new PoC /JBIG2Decode PDF exploit I developed. This PDF document has a malformed /JBIG2Decode stream object in the metadata instead of the page. All PDF documents used have just a malformed /JBIG2Decode stream object; they don’t include a payload (shellcode), nor a JavaScript heap spray.


Read more
http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/
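As an added illustration (this is not code from Didier Stevens's post or from the hpHosts blog), here is a small Python scanner that finds stream objects declaring the /JBIG2Decode filter and reports whether each sits in the catalog's /Metadata stream (the layout of the PoC described above) or in an image XObject (the classic layout). The minimal PDF is a constructed fixture with inert filler bytes, and the helper names are assumptions of this example. The defender's point is that, since the trigger does not need the file to be opened, the check belongs at the mail gateway or on a file scanner, before the document reaches a desktop that might preview or index it.

```python
import re

# Constructed test fixture, not a real malicious file: a minimal PDF whose XMP
# /Metadata stream (object 4) declares the /JBIG2Decode filter, mirroring the
# "in the metadata instead of the page" layout. The stream body is filler.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
4 0 obj
<< /Type /Metadata /Subtype /XML /Filter /JBIG2Decode /Length 4 >>
stream
AAAA
endstream
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# Indirect object "N G obj ... endobj"; non-greedy so each object is captured
# on its own, stream body included.
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.DOTALL)
# /Filter value: a single name or an array of names.
FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/\w+)")
# Reference from the catalog to the document-level metadata stream.
METADATA_REF_RE = re.compile(rb"/Metadata\s+(\d+)\s+\d+\s+R")


def parse_objects(pdf: bytes) -> dict:
    """Map object number -> raw object body (dictionary plus any stream)."""
    return {int(m.group(1)): m.group(2) for m in OBJ_RE.finditer(pdf)}


def filter_names(body: bytes) -> list:
    """Return the filter names declared in an object's /Filter entry."""
    m = FILTER_RE.search(body)
    if not m:
        return []
    return re.findall(rb"/(\w+)", m.group(1))


def classify(objnum: int, body: bytes, metadata_objs: set) -> str:
    """Say where a JBIG2-filtered stream sits in the document structure."""
    if objnum in metadata_objs:
        return "metadata"   # PoC layout: never drawn on any page
    if b"/Subtype /Image" in body or b"/Subtype/Image" in body:
        return "image"      # classic layout: image XObject on a page
    return "other"


def scan(pdf: bytes) -> list:
    """List every object whose /Filter chain contains /JBIG2Decode."""
    metadata_objs = {int(n) for n in METADATA_REF_RE.findall(pdf)}
    findings = []
    for objnum, body in parse_objects(pdf).items():
        if b"JBIG2Decode" in filter_names(body):
            findings.append({"obj": objnum,
                             "location": classify(objnum, body, metadata_objs)})
    return findings


def count_jbig2(pdf: bytes) -> int:
    """Raw occurrence count, the coarse signal a plain keyword scan gives."""
    return len(re.findall(rb"/JBIG2Decode\b", pdf))


if __name__ == "__main__":
    for f in scan(SAMPLE_PDF):
        print(f"object {f['obj']}: /JBIG2Decode stream in {f['location']}")
```

A plain keyword count (count_jbig2) already catches all three trigger paths, which is why a gateway rule on that string is worth having even before deeper parsing; the structural classification only adds context for the analyst. Real-world files may use object streams or incremental updates that this regex-level parser does not unpack, so a zero count is not proof of absence.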

Kudos to Celtic Ferret @ CoU for the heads up
