not the first Use-after-free vulnerability in Adobe Reader – no pdf mail attachments are ALSO not safe (UNFORTUNATELY) (Minimal GNU Linux OS and (of course) Doom runs in PDF document)

10.Feb.2025

crazy stuff, Cyber, Cybercrime, CyberSec / ITSec / Sicherheit / Security / SPAM, HolyCow, why seriously why

cybersecurity wise mankind is doomed if mad CEOs (on drugs?) think it’s a good idea to allow the most bizare embedding of software into word.doc, excel.xls, just-want-to-print-that-file-properly.pdf and other formats

“Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors” https://app.opencve.io/cve/CVE-2014-0496

“Minimal Linux OS runs in a 6MB PDF document in Chrome LinuxPDF leverages RISC-V emulator” (src) cool but why is this even possible? X-D (because someone at Adobe thought that would be cool)

“The full specfication for the JS in PDFs was only ever implemented by Adobe Acrobat, and it contains some ridiculous things like the ability to do 3D rendering, make HTTP requests, and detect every monitor connected to the user’s system. However, on Chromium and other browsers, only a tiny subset of this API was ever implemented, due to obvious security concerns.” (src: https://github.com/ading2210/linuxpdf)

try it out (on Chrome browser and Acrobat Reader only?)

“Linux: Minimal system runs in PDF document” “Linux: Minimalsystem läuft im PDF-Dokument” (heise.de)

“Doom” runs as a PDF at 12 frames per second” “Doom” läuft als PDF mit 12 Bildern pro Sekunde” (heise.de)

COOL BUT WHY? #CANTMAKETHISSHITUP: why does Adobe ALLOW JavaScript PROGRAMS (or ANY other script) to be embedded into a file.pdf?

WHY? HOW MAD CAN A CEO BE? THERE IS NO REASON TO CREATE SUCH A MASSIVE SECURITY PROBLEM!

until mankind rediscovers sanity and everything-that-makes-sense:

week1: backup on HarddiskA disconnect harddisk PHYSICALLY, put in EMP secure encasing
week2: backup again on HarddiskB disconnect harddisk PHYSICALLY, put in EMP secure encasing
week3: backup again on HarddiskC disconnect harddisk PHYSICALLY, put in EMP secure encasing
repeat

liked this article?

only together we can create a truly free world
plz support dwaves to keep it up & running!
(yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
really really hate advertisement
contribute: whenever a solution was found, blog about it for others to find!
talk about, recommend & link to this blog and articles
thanks to all who contribute!

admin