[CentOS] Another Fedora decision
Lamar Owen
lowen at pari.edu
Wed Feb 11 14:50:10 UTC 2015
On 02/11/2015 09:27 AM, James B. Byrne wrote:
> PDFs are known vectors for malware. They have been exploited in the
> past and no doubt will be exploited in the future. ...
> That said, I readily admit that the risk posed by this particular
> example is low. But, it is not zero.
As an example, I found and downloaded a spec sheet several years back
for a ADVA FSP-II upstream equivalent to the Cisco Metro 1500 wavelength
division multiplex platform. This PDF had an embedded Javascript
exploit (yes, Adobe Reader does do Javascript) and that Windows machine
was pwned in short order (and the user I was running as was not an
administrator equivalent). I suspect that using Adobe Reader on CentOS
could be just as dangerous (in terms of user data exfiltration and/or
payload delivery for crypto-ransomware). Privilege escalation is not
required for much mischief to be done.
Random PDFs are and continue to be malware vectors.
More information about the CentOS
mailing list