----- Original Message -----
From: "Benjamin Scott" <[EMAIL PROTECTED]>
To: "Greater NH Linux Users' Group" <[EMAIL PROTECTED]>
Sent: Wednesday, June 20, 2001 12:06 PM
Subject: Re: Open Formats (was ZD on Linux)
> On Wed, 20 Jun 2001, Rich C wrote:
> > 3. Providing content that is guaranteed virus-free (as opposed to
> > transmitting word processor documents.)
>
> The security analyst in me feels a need to point out that it would be
quite
> possible for Adobe Acrobat Reader to have a buffer-overflow or similar bug
> that could be exploited by a specially crafted PDF file. In fact, I would
be
> quite surprised if it did not have such bugs. I am less certain as to
whether
> or not anyone has found them -- yet.
>
Following that logic, such an exploit could be accomplished with a JPG
viewer or, for that matter, Paint. The PDF document is simply text,
graphics, and formatting information, similar to a postscript file. To my
knowledge, it doesn't contain any script or code; nor can the PDF viewer
execute any code based on the data in the file.
Plus, doesn't the Acrobat plug-in run in a sandbox, like Javascript?
Rich Cloutier
SYSTEM SUPPORT SERVICES
www.sysupport.com
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
