Posts Tagged ‘pdf’

    AV Bypass for Malicious PDFs Using XDP

    by  • June 15, 2012 • Uncategorized

    Update - 06/19/2012 alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-PDF Adobe PDF XDF encoded download attempt"; flow:to_client,established; flowbits:isset,file.xml; file_data; content:"JVBERi"; fast_pattern:only; content:"


    Analyzing CVE-2011-2462 0-Day: Part2

    by  • December 10, 2011 • Uncategorized

    Introduction On December 7th, Brandon provided his analysis of a malicious PDF (MD5: 517fe6ba9417e6c8b4d0a0b3b9c4c9a9) which utilized an Adobe Reader 0day (leveraging a U3D vulnerability). After successful exploitation the PDF drops a windows exec...


    Recycling U3D Object Contents

    by  • December 7, 2011 • Uncategorized

    This is a super short post, but I wanted to put it out there for those attempting to identify the specific bug and trigger for the exploit. My theory is that object 10 (see my earlier post) is the whole show. In other words, as long as you have th...


    Analyzing CVE-2011-2462 – Part One

    by  • December 7, 2011 • Uncategorized

    Before I went to bed last night I took a look at uploaded files to PDF X-RAY in hopes that Christmas would come early (CVE-2011-2462 in my reports) and was surprised when I came across a file with /U3D references. I snatched the file off the serve...


    LaTeX Malicious PDF Generation

    by  • October 7, 2011 • Uncategorized

    A couple weeks ago I came across a PDF file used in a targeted attack. I didn't have too much background information, but it appeared to have come from China and was using CVE-2011-0611 to do its dirty work. The first thing that caught my eye about...
