You are viewing a single comment's thread.

view the rest of the comments →

0
0

[–] SharpSliceOfMango ago 

I can protect myself. Those attacks are not on the format. they are on the parser (specific implementations). The PDF is going to be composed of scanned images. Just carve them out of the file.

0
0

[–] B3bomber ago 

Images can contain executable code in the metadata too.

0
0

[–] SharpSliceOfMango ago 

Yes, every data can be some shellcode or some crafted data that triggers a buffer overflow, fmt etc. And every application can have potential bugs in it. You can't trust the application. You need to protect the app and the execution environment. If you want 100% security, don't open it under a seperate VM, open it under a standalone throwaway computer with no network connection. I don't think that they need to exploit your system to gain access, I think that there are already hidden backdoors in the CPU microcode of every x86 and x86_64 system.

In my