Quicklinks: Home Contact

Advisories

G-SEC™ regularly publishes advisories about vulnerabilities that we discovered during our research. G-SEC™ tries to follow responsible disclosure guidelines whenever possible.

More information »

Advisories


Symantec - Generic PDF detection bypass


Release mode: Coordinated
Reference : [GSEC-47-2009] - Symantec generic PDF bypass
Vendor : http://www.symantec.com
Status : Patched
CVE : none attributed yet
Credit : http://tinyurl.com/ygqnlhs
Discovered by : Thierry Zoller (G-SEC)

Affected products :


I. Background

Quote: "Symantec helps consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored."

II. Description

Improper parsing of the PDF structure leads to evasion of detection of malicious PDF documents at scantime and runtime. This has been tested with several malicious PDF files and represents a generic evasion of all PDF signatures and heuristics.

General information about evasion/bypasses can be found at : http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html


III. Impact

Known PDF exploits/malware may evade signature detection, 0day exploits may evade heuristics.


V. Disclosure timeline
DD.MM.YYYY

Note: All trademarks mentioned herein belong to their respective owners.