The show must go on

Last week I had very much to do, and now this week I’m ill and have a temperature. Yes, the world’s hard, but don’t worry, I’m alive, and the title of this blog posting has nothing to do with my ill health, so let’s start talking about things that matter.

pdp wrote an interesting blog posting today about his research on the well-known, so-called PDF UXSS vulnerability. Because pdp did a good job on his posting, I just want to quote a part of it:

“PDF is a very interesting file format. It allows the PDF consumer to do almost everything they can think of and this is the reason why I find it quite insecure. When David posted the findings on how to backdoor PDF files, he also mentioned that it is possible to automatically launch http:// urls inside the default browser. The Adobe folks did not take that warning seriously and as such a partial fix was released for Reader 8.0: the user is asked for confirmation when a desktop document tries to launch an external link at load time.

Where does this leave us? I found that the checks implemented in Reader and Acrobat Trial are inefficient. My investigation shows that it is possible to launch file:// urls, which is something very dangerous to do. file:// protocol urls, launched in the browser, grant malicious JavaScript objects permissions to list the filesystem and steal confidential information. More information about the dangers of the file:// protocol can be found here and here.”

OK, sounds very cool :)

He also set up some POCs which you can find here.

I really hope that we’ll see more such stuff in the near future, and as soon as I’m hale and hearty again, I’ll also continue researching the topic of web application security ;)

