Oct 14, 2009

PDF Structure + embedded JavaScript

Recently I’ve been studying PDF structure and how it can serve as a platform to distribute malware and infect users. All I can say is that it is made possible through vulnerabilities in JavaScript handling. As my friend quoted from Didier Stevens, “PDF + JS = OMG”.

Didier Stevens has actually released a tool that lets you create a PDF file and embed JavaScript code in it. It is a nice tool that allows us to learn about the structure of a PDF file and how JavaScript code is embedded in it. Have a look at it here.

Example PDF file that’ll crash Adobe Reader 8.1.2 on XP SP2:
$ python -j "util.printf('%5000f', 0.0);" donotopen.pdf

From here, with complete JavaScript code to perform a heap spray and execute shellcode, the PDF file is ready to be delivered to a user and infect the computer.
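Because the script lives in ordinary PDF dictionary entries, a file can be triaged before it reaches a reader by looking for the names that carry JavaScript and the names that run an action on open. The following is an added example, not code from the original post or from Didier Stevens' tool; the sample documents, function names and verdict strings are constructed for illustration.

```python
import re

# PDF names that carry script (/JS, /JavaScript) or trigger actions (/OpenAction, /AA).
SUSPICIOUS = ("/JS", "/JavaScript", "/OpenAction", "/AA")

def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes in a PDF name, e.g. /J#61vaScript -> /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def count_names(pdf: bytes) -> dict:
    """Count each suspicious name after normalising hex escapes."""
    counts = dict.fromkeys(SUSPICIOUS, 0)
    # A name is '/' followed by characters other than whitespace and delimiters.
    for m in re.finditer(rb"/[^\x00\t\n\f\r ()<>\[\]{}/%]+", pdf):
        name = decode_name(m.group(0))
        if name in counts:
            counts[name] += 1
    return counts

def triage(pdf: bytes) -> str:
    """Return a coarse verdict from the name counts."""
    c = count_names(pdf)
    has_script = c["/JS"] or c["/JavaScript"]
    auto_run = c["/OpenAction"] or c["/AA"]
    if has_script and auto_run:
        return "script runs on open"
    if has_script:
        return "script present"
    return "no script names found"

# Constructed sample: a catalog whose /OpenAction points at a JavaScript action.
# The action type is written with a hex escape to show why names are normalised.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Action /S /J#61vaScript /JS (app.alert('constructed');) >>\nendobj\n"
    b"%%EOF\n"
)
# Constructed sample without any script-related names.
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    print(count_names(SAMPLE), triage(SAMPLE))
    print(count_names(CLEAN), triage(CLEAN))
```

This scans raw bytes only, so names inside compressed object streams are not seen and the result is a triage signal rather than a verdict.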