How can downloading a PDF or Word file give you a virus?


A PDF file doesn't have any special permissions or anything, so I can't think of any way that it'd be able to.
Is viewing a PDF file in Chrome completely safe?
How does editing a Word document leave you more vulnerable than if you were just viewing it?


33 Answers

Anonymous

Lots of people are talking about Postscript/VB scripts embedded in PDFs and Word documents. That’s one important aspect of it, but not the whole picture. Sometimes even opening an image file (.jpg), displaying just a piece of text, or loading a save file for a game can be dangerous. These are real cases:

– JPG vulnerabilities: [https://umbrella.cisco.com/blog/picture-perfect-how-jpg-exif-data-hides-malware](https://umbrella.cisco.com/blog/picture-perfect-how-jpg-exif-data-hides-malware)

– Text display vulnerabilities: [https://arstechnica.com/information-technology/2015/05/beware-of-the-text-message-that-crashes-iphones/](https://arstechnica.com/information-technology/2015/05/beware-of-the-text-message-that-crashes-iphones/)

– Save game vulnerabilities: [https://wololo.net/2016/05/01/3ds-vhax-released-new-3ds-userland-exploit-for-game-vvvvvv/](https://wololo.net/2016/05/01/3ds-vhax-released-new-3ds-userland-exploit-for-game-vvvvvv/)

These have to do with the fact that the programs used to load those files can have bugs, and files can be specially crafted to exploit such bugs to trigger unexpected behavior, including getting the program or OS to run arbitrary code.

DOC and PDF files happen to be complicated enough that programs which can open them tend to have a very high number of bugs, so it’s fairly easy to find an exploitable one. But the truth is, nothing is 100% safe no matter how innocent it might feel. This is why security hygiene is the most important. Never trust any files you get from questionable sources.

To see how an exploit might work, imagine a simplified program that looks like:

1: Load the file into slots 3-10.
2: Go to line 11 and continue executing the program from there.
3: (empty slot to hold file content)

10: (empty slot to hold file content)
11: Convert data from slots 3-10 into pixels and display the picture

This assumes the file can only fill 8 slots (#3 through #10). But what if the file is bigger than that, and the program is not careful about limiting its size when loading it? Then after filling up slot 10, it’ll continue writing over slot 11, 12, and so on. The program doesn’t realize this. And when it eventually goes to execute line 11, it’ll be executing arbitrary stuff that was loaded from the file instead of the intended program. This is a classic “buffer overrun” vulnerability. A virus author can make a file such that instructions to encrypt your disk land in slot 11. If you try to open this file, your disk will get encrypted.
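The slot model from the answer above, written as a small C simulation alongside the length check that prevents the overwrite. This is an added example, not part of the original answer; the 16-slot memory, the byte values and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of the answer's machine: slots 3..10 hold file data,
   slot 11 holds the instruction the program runs next. */
enum { MEM_SLOTS = 16, BUF_START = 3, BUF_SLOTS = 8, NEXT_INSTR = 11 };
enum { OP_DISPLAY = 0xD1, FILE_BYTE = 0x41 };  /* constructed values */

static unsigned char mem[MEM_SLOTS];

static void reset(void) {
    memset(mem, 0, sizeof mem);
    mem[NEXT_INSTR] = OP_DISPLAY;
}

/* Careless loader: trusts the file's length. Writes are clamped to the
   toy memory so the simulation itself stays well-defined. */
static void load_unchecked(const unsigned char *file, size_t len) {
    for (size_t i = 0; i < len && BUF_START + i < MEM_SLOTS; i++)
        mem[BUF_START + i] = file[i];
}

/* Careful loader: refuses anything larger than the 8 reserved slots. */
static int load_checked(const unsigned char *file, size_t len) {
    if (len > BUF_SLOTS)
        return -1;
    memcpy(&mem[BUF_START], file, len);
    return 0;
}

/* Load a constructed file of `len` slots; return 1 if slot 11 still holds
   the program's own instruction afterwards, 0 if it was overwritten. */
static int slot11_survives(size_t len, int checked) {
    unsigned char file[MEM_SLOTS];
    if (len > sizeof file) len = sizeof file;
    memset(file, FILE_BYTE, sizeof file);
    reset();
    if (checked) (void)load_checked(file, len);
    else         load_unchecked(file, len);
    return mem[NEXT_INSTR] == OP_DISPLAY;
}

int main(void) {
    printf("8-slot file, careless loader: intact=%d\n", slot11_survives(8, 0));
    printf("10-slot file, careless loader: intact=%d\n", slot11_survives(10, 0));
    printf("10-slot file, careful loader: intact=%d\n", slot11_survives(10, 1));
    return 0;
}
```

A file that fits in the 8 reserved slots leaves slot 11 alone under either loader; only the oversized file combined with the careless loader replaces the program's instruction with file data.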
