On 02/11/2015 09:27 AM, James B. Byrne wrote:
PDFs are known vectors for malware. They have been exploited in the
past and no doubt will be exploited in the future. ...
That said, I readily admit that the risk posed by this particular
example is low. But, it is not zero.
As an example, I found and downloaded a spec sheet several years back
for a ADVA FSP-II upstream equivalent to the Cisco Metro 1500 wavelength
division multiplex platform. This PDF had an embedded Javascript
exploit (yes, Adobe Reader does do Javascript) and that Windows machine
was pwned in short order (and the user I was running as was not an
administrator equivalent). I suspect that using Adobe Reader on CentOS
could be just as dangerous (in terms of user data exfiltration and/or
payload delivery for crypto-ransomware). Privilege escalation is not
required for much mischief to be done.
Random PDFs are and continue to be malware vectors.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
