27C3 - Version 1.6.3

27th Chaos Communication Congress
We come in peace

Speakers
Julia Wolf
Schedule
Day Day 4 - 2010-12-30
Room Saal 1
Start time 11:30
Duration 01:00
Info
ID 4221
Event type Lecture
Track Hacking
Language used for presentation English
Feedback

OMG WTF PDF

What you didn't know about Acrobat

Ambiguities in the PDF specification means that no two PDF parsers will see a file in the same way. This leads to many opportunities for exploit obfuscation.

PDFs are currently the greatest vector for drive-by (malware installing) attacks and targeted attacks on business and government. A/V technology is extraordinarily poor at detecting these. The PDF format itself is so diverse and vague, that an A/V would need to be 100% bug-compatible with the parser in the vulnerable PDF reader.

You can also do cool tricks like make a single PDF file that displays completely differently in several different readers.