Are Text-Only Data Formats Safe?
Or, Use This LaTeX Class File to Pwn Your Computer

By Stephen Checkoway, Hovav Shacham, and Eric Rescorla.

In Proceedings of LEET 2010. USENIX, Apr. 2010.

Abstract

We show that malicious TeX, BibTeX, and METAPOST files can lead to arbitrary code execution, viral infection, denial of service, and data exfiltration, through the file I/O capabilities exposed by TeX’s Turing-complete macro language. This calls into doubt the conventional wisdom view that text-only data formats that do not access the network are likely safe. We build a TeX virus that spreads between documents on the MiKTeX distribution on Windows XP; we demonstrate data exfiltration attacks on web-based LaTeX previewer services.

Material

Reference

@InProceedings{checkoway-shacham-rescorla:texhack:leet2010, author = {Stephen Checkoway and Hovav Shacham and Eric Rescorla}, title = {Are Text-Only Data Formats Safe? Or, Use This {\LaTeX} Class File to Pwn Your Computer}, booktitle = {Proceedings of LEET 2010}, year = 2010, editor = {Michael Bailey}, month = apr, organization = {USENIX} }

Navigation: Hovav Shacham // Publications // [CSR10]