On Fri, Sep 28, 2001 at 04:28:09PM -0700, Eric Lawrence wrote:
> "Rant No.1 : It seems that Microsoft forgot the fact that PDF files can
> also contain malicious code that will execute simply by opening the file
> in the reader."

> Since when can .PDF have autoexecuting code?  I know that a while ago
> Adobe had a buffer overrun that could be exploited by the PDF *creator*
> tool, but not the reader.  Are you saying there are others?

        A PDF file is little more than compressed and encapsulated
PostScript.  PostScript is a full scripting language and is capable
of executing external commands.  There are some "safe" PostScript
interpreters out there and there are some unsafe ones which allow
arbitrary external commands to be run.  It's even been the subject
of security advisories.  So...  If PDF is (or can be, or includes)
glorified PostScript on steroids and PostScript is known to be
unsafe under certain conditions, I think one has to assume that
the same risks apply to PDF.

        Yes?  No?

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
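
Added example, not part of the original message: a small Python scanner for the risk described above, listing where a PostScript file uses operators that reach the file system or, through Ghostscript's %pipe% device, an external command. The operator list, the function names and the sample input are assumptions of this example.

```python
# Operator list is this example's assumption, not a complete inventory.
FILE_OPERATORS = {"file", "run", "deletefile", "renamefile", "filenameforall"}
PIPE_DEVICE = "%pipe%"  # Ghostscript device: rest of the string runs as a command

def tokens(src):
    """Yield (kind, text, line) for string literals and executable names."""
    i, line, n = 0, 1, len(src)
    while i < n:
        c = src[i]
        if c == "%":                          # comment: skip to end of line
            while i < n and src[i] != "\n":
                i += 1
        elif c == "(":                        # string literal; parentheses nest
            depth, j, start = 1, i + 1, line
            while j < n and depth:
                if src[j] == "\\":
                    j += 1                    # skip the escaped character
                elif src[j] in "()":
                    depth += 1 if src[j] == "(" else -1
                elif src[j] == "\n":
                    line += 1
                j += 1
            yield "string", src[i + 1:j - 1], start
            i = j
        elif c.isspace() or c in "<>[]{})":
            line += c == "\n"
            i += 1
        else:                                 # name or number up to a delimiter
            j = i + 1
            while j < n and not src[j].isspace() and src[j] not in "()<>[]{}/%":
                j += 1
            if c != "/":                      # /name is a literal, not a call
                yield "name", src[i:j], line
            i = j

def scan(src):
    found = []                                # (line, finding) in document order
    for kind, text, line in tokens(src):
        if kind == "name" and text in FILE_OPERATORS:
            found.append((line, "operator " + text))
        elif kind == "string" and text.startswith(PIPE_DEVICE):
            found.append((line, "pipe device string"))
    return found

# Constructed sample input, not taken from any real document.
SAMPLE = """%!PS
(the word file in a string is only text) show  % so is deletefile here
(%pipe%example-command) (r) file
/run 42 def  (page.ps) run
"""
```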
