Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Question about trojans / embedding executable code in a trusted file
Posted by: _Andy
Date: June 29, 2010 08:17AM

Hi there. Sorry for what's probably a stupid question but.. I vaguely remember when I was a kid (a looooong time ago) I had a tool that seemed able to embed an executable or a command line argument into a trusted file, so that when the trusted file was ran the exe/cmd line was executed.

The reason I'm asking is that a webapp one of our guys is putting together allows users to upload PDFs and I think is only really planning on extension/header checking for validation.

Am I right in thinking it would be possible to upload malicious content masquerading as a valid PDF or is my Wonder Years narrator messing with me?

Options: ReplyQuote
Re: Question about trojans / embedding executable code in a trusted file
Posted by: Albino
Date: June 29, 2010 08:33AM

Malicious PDFs certainly exist. However whether they work or not depends on the program the victim uses to open the PDF, and whether it's up to date or not.

Options: ReplyQuote
Re: Question about trojans / embedding executable code in a trusted file
Posted by: _Andy
Date: June 29, 2010 08:42AM

Thanks for the reply.

Am I right in thinking that in that situation it would be the 'consumer' of the PDF that would be at risk, rather than the server itself?

Not that that isn't a problem too of course. :]

Options: ReplyQuote
Re: Question about trojans / embedding executable code in a trusted file
Posted by: Albino
Date: June 29, 2010 08:56AM

I believe so. If the extension/header checking is done properly then the server shouldn't be at risk.

Decent antivirus software will probably be able to detect most malicious PDFs, too.

Options: ReplyQuote


Sorry, only registered users may post in this forum.