Skip navigation.
Home

PDF Exploit detection system: Joedoc

We are happy to release Joedoc a novel runtime analysis system for detecting exploits in documents like pdf and doc. In its current beta stage it detects pdf exploits in Acrobat Reader 7.0.5, 8.1.2, 9.0 and 9.2. Check out the submission instructions on www.joedoc.org to check malicious pdfs.

Doc exploit detection

Can you provide any further details about how this detection happens. I'm specifically more interested on the Office doc side. PDF is an open format. Does the tool handle the old binary versions of Office docs as well as the newer OpenXML format?

Hi Have you read:

Hi

Have you read: http://joedoc.org/concept.php ? The system is independent of the application and its documents. So it should detect exploits in old office docs and new ones.

Cheers

Hi, i will be really glad if

Hi,

i will be really glad if you can send us some info regarding the technique you use for validating/invalidating PDF structure as well exploitation score.

Malware Researcher,
Linux Developer.

Hi, we do not parse any pdf

Hi,

we do not parse any pdf structure. Joedoc compares execution traces of benign and malicious pdfs.

Cheers

nice system

it's great that you released something to the public like that. don't know that behavioral cross-referencing techniques are "novel", but it's cool. nice work.