retrochain

On The Topic of PDF Exploits


I wasn't sure what category to post this in.

So I downloaded and opened this file, and was informed it had a form in it that wasn't supported in my reader:

https://www.retromags.com/strategy-guides/nintendo-of-america/paper-mario-players-guide-r81/

I ran it through peepdf and it shows:

Suspicious elements:
        /AcroForm: [1143]
        /Names: [1143, 1146]
        /XFA: [1144]
        /JavaScript: [1145, 1147, 1148, 1149]
        /JS: [1147, 1148, 1149]

Now, I've not done any further analysis to know if there's actually anything malicious in there (although it is a little suspicious for real scans of a book and not e.g. pirated ebooks that might come with some kind of tracking or DRM), but it got me wondering: What's the policy here when it comes to potential PDF exploits?

I didn't see a way to report files (if there is one), and archive.org provides JP2 images in a zip file for anyone wanting to avoid PDF altogether (although for many readers you'd have to convert the images first). I've gotten plenty of books from the generous uploaders here that are clean (either in safe formats or running through peepdf shows nothing suspicious, and the last discovery of malware on one of my machines was a long time ago). Are PDF files scanned in some way before uploading, or is anyone allowed to dump PDF files onto the site like if you were to look elsewhere?

Sorry if this is a somewhat strange topic. This is a problem I see all over when it comes to downloading PDF files, and probably a hard one to address. I guess it is just download at your own risk, keep your software up-to-date, and run a trusted anti-virus? I never worried about PDF exploits until recently, since I wasn't aware of what they could do. I should probably look into converting my collection to a safer format in the future, but PDF seems like such a complicated format to me that I would be worried about loss of quality or unnecessary bloating of file size.

Not trying to scare anyone by the way! Just curious what you all think. Like I said, I don't know a lot about the PDF format.

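The following added example is not part of the thread and is not peepdf's code. It shows, in Python, how the name keys in the listing from the first post can be counted in a PDF's raw bytes, including names hidden with `#xx` hex escapes. The `WATCHED` list, the function names and the sample bytes are constructed for illustration; `/OpenAction` and `/AA` are added here as an assumption, because they are the keys that make a script run when the file is opened.

```python
import re
from collections import Counter

# Name keys peepdf flagged in the post, plus the two auto-run triggers
# (/OpenAction, /AA) added here as an assumption.
WATCHED = ("AcroForm", "XFA", "Names", "JavaScript", "JS", "OpenAction", "AA")

# A PDF name is "/" followed by non-whitespace, non-delimiter characters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")

def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes so /J#61vaScript is recognised as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage(data: bytes) -> dict:
    """Count watched names in the raw bytes; compressed streams are not inflated."""
    counts = Counter()
    escaped = set()  # watched names that were written with #xx escapes
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name in WATCHED:
            counts[name] += 1
            if b"#" in m.group(1):
                escaped.add(name)
    return {"counts": dict(counts),
            "escaped": sorted(escaped),
            "auto_run": bool(counts["OpenAction"] or counts["AA"]),
            "has_script": bool(counts["JS"] or counts["JavaScript"])}

# Constructed sample: a form (/AcroForm, /XFA), a JavaScript name tree and
# one script action whose /JS key is written as /J#53.
SAMPLE = (b"%PDF-1.6\n"
          b"1 0 obj << /Type /Catalog /AcroForm 3 0 R /Names 4 0 R >> endobj\n"
          b"3 0 obj << /XFA 5 0 R >> endobj\n"
          b"4 0 obj << /JavaScript 6 0 R >> endobj\n"
          b"7 0 obj << /S /JavaScript /J#53 (1+1;) >> endobj\n")

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A hit only says the file carries forms or script, not that the script is malicious, and objects packed inside compressed object streams are invisible to a raw byte scan like this one.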

Files that are uploaded to the Retromags Download Manager can be reported, but because this was submitted by a user to file locker sites, there is no way to report it. These user links are also not vetted by us as far as I know; only files directly uploaded to the site are.

I can take a look at the file and possibly create a cbr from it, or see if I have a different format for this file already. 

It is always a good idea to proceed with caution when it comes to user links.


We were supposed to have removed all user-submitted links, so that file shouldn't even be available here.  What's up, @Phillyman?

For that matter, a while back there was an oversight in permissions that made it possible for anyone to upload strategy guides to our Download Manager.  One particular user uploaded that file along with a dozen others, some of which were official PDFs and (possibly) none of which were actually scanned by the member in question.  I reported it at the time and E-Day deleted them all from our Download Manager, but I guess the user-submitted links were overlooked.

I say we delete the links AND the fields.  Phillyman has already removed the user-submitted link fields from our Magazine Database, but it looks like he forgot about the strategy guide section as well (hey, it happens.  I forget it's there, too.  Once the Internet and super-detailed FAQs happened, strategy guides lost all importance.)

As for PDFs in general - this is just one reason of many we don't use them on our site.
