Expo Theatre (Hall G) October 19, 2010

Julia Wolf

Ambiguities in the PDF specification mean that no two PDF parsers will see a file in the same way. This leads to many opportunities for exploit obfuscation. PDFs are currently the greatest vector for drive-by (malware installing) attacks and targeted attacks on business and government. A/V technology is extraordinarily poor at detecting these. [Well except for my company of course, we detect them all.] The PDF format itself is so diverse and vague that an A/V needs to be 100% bug-compatible with the parser in the vulnerable PDF reader. [Not that there are any A/Vs which actually parse PDFs yet.]