16 matches found
Maldoc in PDF Polyglot converter
A malicious MHT file created can be opened in Microsoft Word even though it has magic numbers and file structure of PDF. If the file has configured macro, by opening it in Microsoft Word, VBS runs and performs malicious behaviors. The attack does not bypass configured macro locks. And the malicio...
Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges
Cisco Talos Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2020 are related to memory usage after it is released. This allows attackers to execute arbitrary code.
The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 is related to the use of memory after it is freed. Exploiting this...
Malicious-Pdf - Generate A Bunch Of Malicious Pdf Files With Phone-Home Functionality
Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh Used for penetration testing and/or red-teaming etc. I created this tool because i needed a third party tool to generate a bunch of PDF files with various links. Usage pytho...
Beers with Talos Ep. #64: Your problem isn’t complex, it's simply complexity
By Mitch Neff Beers with Talos BWT Podcast episode No. 64 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Oct. 10, 2019 This episode lives up to its name, by trying to only take on a minimal topic and the...
Security update for ImageMagick (moderate)
openSUSE Security Update: Security update for ImageMagick Announcement ID: openSUSE-SU-2019:1320-1 Rating: moderate References: 1106989 1106996 1107609 1120381 1122033 1124365 1124366 1124368 1128649 1130330 1131317 1132053 1132054 1132060 Cross-References: CVE-2018-16412 CVE-2018-16413...
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2019:1033-1)
This update for ImageMagick fixes the following issues : Security issues fixed : CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. CVE-2019-7175: Fixed multiple memory leaks in DecodeImag...
Digital Signatures in PDFs Are Broken
Researchers have demonstrated spoofing of digital signatures in PDF files. This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software. Details...
Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-21831)
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation.Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the handling of the delay property of the Annotation object in Foxit Reader 9.2.0.929...
Bad-Pdf - Steal NTLM Hashes With A PDF From Windows Machines
Bad-PDF create malicious PDF to steal NTLM Hashes from windows machines, it utilize vulnerability disclosed by checkpoint team to create the malicious PDF file. Bad-Pdf reads the NTLM hashes using Responder listener. This method work on all PDF readersAny version and java scripts are not required...
Multiple PDF readers NTLMv2 Credential Theft (CVE-2018-4993)
A data leakage vulnerability exists in Multiple PDF readers. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted PDF file. Successful results in leakage of the affected user's Net-NTLM credentials...
The vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, allow attackers to circumvent JavaScript restrictions.
The vulnerability of the CBSharedReviewStatusDialog method in PDF editing programs from Adobe Acrobat and Adobe Acrobat Document Cloud, as well as in PDF viewing programs from Adobe Reader and Adobe Reader Document Cloud, is related to deficiencies in access control for certain functions...
Security Flaws Haunt PDF Readers
Adobe isn’t the only software vendor struggling to cope with security vulnerabilities in PDF reader applications. According to reports, there are numerous PDF applications — including Foxit Reader and Xpdf — that allow attackers to infect systems with malware. When loading and unloading certain C...
Twitter and Adobe Struggle With Security
By Roel Schouwenberg On Tuesday we got another DDoS attack on Twitter. A lot of people are asking why Twitter doesn’t seem to be coping with attacks like these. And at the same time there are more and more people jumping on the bandwagon saying stay away from Adobe products. What’s the link? Two...
Multiple PDF Readers - Multiple Remote Buffer Overflows
Multiple PDF Readers - Multiple Remote Buffer Overflows source: https://www.securityfocus.com/bid/21910/info Multiple PDF readers are prone to multiple remote buffer-overflow vulnerabilities because the applications fail to bounds-check user-supplied data before copying it into an insufficiently...
Various UNIX and Linux PDF readers/viewers execute commands embedded within hyperlinks
Overview A vulnerability in various UNIX and Linux PDF viewers/readers may allow remote attackers to execute arbitrary commands on your system. Description Adobe Systems Incorporated describes PDF Portable Document Format as "a universal file format that preserves the fonts, images, graphics, and...