[OWASP-Security101] Security Publications by PDF
patrick_laverty at brown.edu
Wed Apr 25 19:28:52 UTC 2012
Thanks Nightshade, but I think I was thinking more along the lines of
an area that you touched on:
> Is it possible for
> someone to gain access to the distribution server of these files and inject
> malicious exploits into the PDF...sure. Is it likely? Probably not...
No, I was more thinking that Club Hack or HITB was putting something
malicious in there. I mean even if they gave us a hash of the file,
could it still have malicious code in there? I have no idea who HITB
or Club Hack are. If it was coming from some of the bigger name
vendors like an IBM or HP, I'd have a little more faith in it, but who
is HITB or Club Hack?
As for someone gaining access to the distribution server and getting
injected, sure, that can happen to anyone. But I was more concerned
about the PDF getting injected by the publisher.
More information about the Security101