We show that malicious TeX, BibTeX, and MetaPost files can lead to arbitrary code execution, viral infection, denial of service, and data exfiltration, through the file I/O capabilities exposed by TeX's Turing-complete macro language. This calls into doubt the conventional wisdom view that text-only data formats that do not access the network are likely safe. We build a TeX virus that spreads between documents on the MiKTeX distribution on Windows XP; we demonstrate data exfiltration attacks on web-based LaTeX previewer services.