Special Offers
- IGI Global’s New Emerging Topic e-Book Collections
  Acquire highly focused and affordable Cutting-Edge Peer-Reviewed Research Content through a selection of 17 topic-focused e-Book Collections discounted up to 90%, compared to list prices. Collection topics include Artificial Intelligence, Data Science, Language Learning, Marketing and Customer Relations, Sustainability, and many more. Hosted on the InfoSci^® platform, these collections feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Learn More
- Open Access Book (Free Access) - Encyclopedia of Information Science and Technology, Sixth Edition (ISBN: 9781668473665)
  The Encyclopedia of Information Science and Technology, Sixth Edition) continues the legacy set forth by the first five editions by providing comprehensive coverage and up-to-date definitions of the most important issues, concepts, and trends pertaining to technological advancements and information management within a variety of settings and industries. The entire book is being published under open access.
  Read Now
- Open Access Book (Free Access) - Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries (ISBN: 9781668456293)
  Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries provides information on the recent technology, mitigation, and environmental protection that must be applied for food sustainability in developing countries. This book is being published under Platinum Open Access through funding from Diponegoro University, Indonesia.
  Read Now
- Open Access Book (Free Access) - New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY (ISBN: 9781668438091)
  The Walmart Corporation and the Lumina Foundation have provided funding to make New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY fully open access, completely removing any paywall between scholars in education and the latest research on new models for the future of higher education.
  Read Now
- Open Access Book (Free Access) - Handbook of Research on the Global View of Open Access and Scholarly Communications (ISBN: 9781799898054)
  Through a collaboration between IGI Global and the University of North Texas, the Handbook of Research on the Global View of Open Access and Scholarly Communications has been published as fully open access, completely removing any paywall between researchers of any field, and the latest research on the equitable and inclusive nature of Open Access and all of its complications.
  Read Now
Books
- - Books by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Books by Field
Journals
- - Journals
  - OnDemand Journal Articles
  - Journals by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Journals by Field
e-Collections
OnDemand
Open Access
- View All Open Access Opportunities
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Find an Open Access Journal for Your Next Manuscript
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Submit an Open Access Book Proposal
  Learn more about open access book publishing and how it can propel your research forward in the field.
  Convert Your Work to Open Access
  Already published? You can convert your work to open access to increase its impact through IGI Global’s Restrospective Open Access Program.
  Utilize Open Access Collection Database
  Open up your research potential by utilizing our open access content or integrating the open access collection into your library
  Consider Open Access Agreements
  For Libraries: consider no-cost or investment-level open access agreements with IGI Global to support your faculty's research endeavors.
  Search Funding Resources
  Looking for additional funding resources to support your open accesss endeavors? View industry resources compiled by our open access team.
  Review Open Access Policies & Ethical Guidelines
  Considering IGI Global to publish your work under open access? Review IGI Global’s open access policies and ethical guidelines
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - FAQ
Catalogs
About Us

A Survey: Vulnerabilities Present in PDF Files

Sakshi Gupta, Yogita Gigras

Source Title: Detecting and Mitigating Robotic Cyber Security Risks

DOI: 10.4018/978-1-5225-2154-9.ch001

OnDemand:

(Individual Chapters)

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

This chapter presents a compiled analysis of the Characteristics and various vulnerabilities that are present till date of PDF files. Samples of maliciousness can include some zero days and files used on wild for some specific attacks. The PDF format is showed very quickly only to help understand the attack vectors. The PDF files that are malicious attacks are one of the wildest for almost a decade, and recently these types of attacks are increasing, and the various techniques are used to isolate from the anti-virus and other anti-malware software is growing very complex; hence, this is an important reason to work on understanding the protection point.

Chapter Preview

Top

Introduction

Portable Document Format can be abbreviated as PDF and have about two decades of existence, each version of which offers extra features, extensions that may support JavaScript, embedded files and offering huge amount of advantages. In 2008, PDF documents have become a standard in providing the platform independency, security and portability over the other documents formats like wordpad etc. There exist many applications who can not view these files. With these kind of features were consider PDF files as most safe, as they are not executed. In the previous decade too PDF succeeded to maintain a privileged position over the document formats. Until joined the list of non - executable files that they have served as a vehicle for new attacks, such as files text documents, spreadsheets, presentations, video or audio files, allowing Attackers seize computers with the simple fact that a user open a PDF document in your computer.

Recently many news have been aired related to new types of exploitation and abuses that can be done using the PDF files, and certain measures to eliminate these using various types of anti-virus and anti-malware software. These files have also become a complex task in analyzing the signature used on regular basis. For example in is demonstrated as using an encoder little used to use a known vulnerability in the handling of TIFF files (CVE-2010-0188). In described another attack where exploits an old vulnerability (CVE-2010-0188) where XML is hidden in a TIFF, but this time using a bit encoding used to generate the XML, so They are avoiding detection by antivirus.

Figure 1.

PDF file format

Table 1.

Abuses in PDF files

CVE ID	Description	Exploitability
CVE-2014-0546	Allow the bypassing of the sandbox	Low targeted attacks
CVE-2014-0496	Adobe Acrobat exploit	Low
CVE-2013-3346	Adobe Acrobat ToolButton	Low
CVE-2013-2729	PDF File Heap & Integer Overflow	Low targeted attacks
CVE-2013-0641	PDF File exploit & Bypassing Sandbox	Low
CVE-2012-0754	PDF files Flash Contains Corrupted videos	Medium
CVE-2011-4369	PDF file vulnerability in corrupted memory	Medium
CVE-2011-2462	PDF file vulnerability in corrupted memory U3D. Discovered by Lockheed Martin	High
CVE-2011-2100	Inclusion exploit in DLL (Require File and a malicious DLL in same directory). Discovered by Mila Parkour	Low
CVE-2011-0611	Flash Files are embedded in the Ms-office or the pdf files	High
CVE-2011-0609	Flash File Vulnerability; detected in Adobe and Adobe Acrobat	High
CVE-2010-4091	Report PDF Doc.printSeps corrupted memory error	Low
CVE-2010-3654	Flash file Authorization play Exploit	High
CVE-2010-2883	Stack Type Buffer Overflow in CoolType.dll	High
CVE-2010-2884	Not specified vulnerability	Medium
CVE-2010-2862	Integer Overflow in CoolType.dll	Low
CVE-2010-1240	Embedded exe is opened using in built functionality	Low
CVE-2010-1297	Handling of DoABC Flash	Medium
CVE-2010-0188	Integer Overflow	High
CVE-2009-3957	Dereference of NULL pointer	Low
CVE-2009-3954	Vulnerability in 3D loading	Low
CVE-2009-3953	Out of bound issue in U3D	Low
CVE-2009-4324	Use-after-free vulnerability in media player	High
CVE-2009-3459	Heap buffer overflow	Medium
CVE-2009-1862	Not specified exploit in flash files	Low
CVE-2009-1493	Dictionary Open type Buffer Overflow	Low
CVE-2009-1492	Exploitation with the help of open action using javascript code	Low
CVE-2009-0927	Crafted Argument Used in Stack Buffer overflow	High
CVE-2007-0836	Bypassing authorization and overflow of stack	Low
CVE-2009-0658	Overflow of Buffer in Image	Low
CVE-2008-2992	Util.printf in stack buffer overflow	High
CVE-2008-0655	Crafted arguments buffer overflow	High
CVE-2007-5020	Vulnerable	Low

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference

A Survey: Vulnerabilities Present in PDF Files

Abstract

Introduction

Complete Chapter List