Can You Accept LaTeX Files from Strangers? Ten Years Later
@article{Lacombe2021CanYA,
title={Can You Accept LaTeX Files from Strangers? Ten Years Later},
author={Guilhem Lacombe and Kseniia Masalygina and Anass Tahiri and Carole Adam and C{\'e}dric Lauradoux},
journal={ArXiv},
year={2021},
volume={abs/2102.00856}
}It is well-known that Microsoft Word/Excel compatible documents or PDF files can contain malicious content. LTEX files are unfortunately no exception either. LTEX users often include thirdparty codes through sources or packages (.sty or .cls files). But those packages can execute malicious commands on the users’ system, in order to capture sensitive information or to perform denial of service attacks. Checkoway et al. [3] were the first to warn LTEX users of these threats. Collaborative…
References
SHOWING 1-10 OF 15 REFERENCES
Office Document Security and Privacy
- Computer ScienceWOOT @ USENIX Security Symposium
- 2020
This work presents a systematic analysis of the capabilities of malicious office documents, and abuse legitimate features of the OOXML and ODF specifications.
Don't Take LaTeX Files from Strangers
- Computer Sciencelogin Usenix Mag.
- 2010
This article describes how to exploit LaTeX to built a virus that spreads between documents of the MiKTeX distribution on Windows XP as well as how to use malicious documents to steal data from Web-based LaTeX previewer services.
Are Text-Only Data Formats Safe? Or, Use This LaTeX Class File to Pwn Your Computer
- Computer ScienceLEET
- 2010
We show that malicious TEX, BIBTEX, and METAPOST files can lead to arbitrary code execution, viral infection, denial of service, and data exfiltration, through the file I/O capabilities exposed by…
Malicious PDF Documents Explained
- Computer ScienceIEEE Security & Privacy
- 2011
PDF reader software designers have begun using Windows security features such as data execution prevention (DEP) and address space layout randomization (ASLR) to prevent exploits from executing.
Information hiding-a survey
- Computer ScienceProc. IEEE
- 1999
An overview of the information-hiding techniques field is given, of what the authors know, what works, what does not, and what are the interesting topics for research.
On Training Robust PDF Malware Classifiers
- Computer ScienceUSENIX Security Symposium
- 2020
The first steps towards training robust PDF malware classifiers with verifiable robustness properties are taken, including a new distance metric that operates on the PDF tree structure and specifies two classes of robusts properties including subtree insertions and deletions.
Data Hiding in a Kind of PDF Texts for Secret Communication
- Computer ScienceInt. J. Netw. Secur.
- 2007
The steganographic system PDFStego is described, in which several strategies are applied to improve security, such as making use of redundancy to complement security; constituting two chaotic maps to meet the Kerckhoffs principle and to prevent statistical attacks.
Data Hiding for Text Document in PDF File
- Computer ScienceIIH-MSP
- 2017
A collection of space lengths is regarded as one dimensional feature vector and signal processing approaches for the vector to embed more information with less distortions to focus on the Portable Document Format files.
Techniques for Data Hiding
- Computer ScienceIBM Syst. J.
- 1996
This work explores both traditional and novel techniques for addressing the data hiding process and evaluates these techniques in light of three applications: copyright protecting, tamper-proofing, and augmentation data embedding.