Adobe PDF exploits

Hi,

As we were talking about PDFs and Adobe, you may find this interesting:

<http://www.h-online.com/security/features/CSI-Internet-PDF-timebomb-1038864.html>

It is a study of how one PDF document was crafted to load malware into a
windows machine (a key logger), not catched by the ativirus.

I think linux would not be vulnerable, in this case, as the calls to
windows libs and procedures would fail - but nevertheless, it might be
proper to open unknown PDFs with opensource readers, and use adobe
reader only with reputable sources, and only if really needed.

At least, javascript can be disabled in the reader. Hold on, did I…?

:-o


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

Indeed. Interesting reading, thanks.

Thankfully, kpdf and/or okular are enough for the majority of PDFs, exception made to the new 3D interactive visualizations, as discussed in another thread.