There is a fucking pdf exploit!?
Fucking A.
How does that even happen?
Almost all of PDF exploits are the reader opening your browser to a location to download the malware. If you crack open a PDF you'll often see URLs for various shit. Mostly normal. I hope sci-hub has some quality control.
FBI CLAIMS THAT TO LIE
No one tracks mere browser links, the 700 exploits known were real exploits.
COUNTLESS new exploits revealed year after year :
Adobe acrobat : https://www.cvedetails.com/product/497/Adobe-Acrobat-Reader.html?vendor_id=53
Foxit : https://www.cvedetails.com/product/16993/Foxitsoftware-Foxit-Reader.html?vendor_id=7654
Look at those ! 700 exploits!
Most are critical in importance. Many insert code into your operating system just by opening a PDF up , even not hooked to internet.
https://www.cvedetails.com/product/32367/Microsoft-Edge.html?vendor_id=26
M$ score over 600 in just 5 short years with Edge.
I cannot figure out why a fucking PDF reader has so many vulnerabilities.
COUNTLESS new exploits revealed year after year :
Adobe acrobat : https://www.cvedetails.com/product/497/Adobe-Acrobat-Reader.html?vendor_id=53
Foxit : https://www.cvedetails.com/product/16993/Foxitsoftware-Foxit-Reader.html?vendor_id=7654
Look at those ! 700 exploits!
Most are critical in importance. Many insert code into your operating system just by opening a PDF up , even not hooked to internet.
Does that include when not using the adobe PDF reader but a Linux PDF reader?
Sure, always. ALL PDF readers on linux have allowed remote code insertion into kernel merely by reading PDFs.
But far less known publicly.
The CIA and FBI spend millions of dollars creating linux PDF exploits off of PDF buffer overflows. NSA does too.
Remote code execution in Okular PDF reader for KDE: https://www.cybersecurity-help.cz/vdb/SB2020031319
some require a click on a thing that is a action link though : "KDE Okular before 1.10.0 allows code execution via an action link in a PDF document."
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9359
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2575
over a dozen for "Evince PDF reader"
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Evince
"XPDF?" 131 CVE Records ! :
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=XPDF
Mupdf? 50 CVE Exploit records :
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Mupdf
Poppler library? Fucking Dumpser fire full of exploits, 111 CVE Records :
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Poppler
Lots of "safe light secure linux PDF readers" use Poppler library. What a goddamned joke.
zer0-day exploits are those which have never been released before.
they are extreemely expensive to purchase
semi true
They are used for years by hackers, until discovered. many PDF exploits last years before being patched.
nevertheless COUNTLESS new exploits revealed year after year :
Adobe acrobat : https://www.cvedetails.com/product/497/Adobe-Acrobat-Reader.html?vendor_id=53
Foxit : https://www.cvedetails.com/product/16993/Foxitsoftware-Foxit-Reader.html?vendor_id=7654
Look at those ! 700 exploits!
(post is archived)