Don't take LaTeX files from strangers

By Stephen Checkoway, Hovav Shacham, and Eric Rescorla.

In ;login: The USENIX Magazine, pages 17–22. USENIX, August, 2010.

Abstract

TeX, LaTeX, and BibTeX files are a common method of collaboration for computer science professionals. It is widely assumed by users that LaTeX files are safe; that is, that no significant harm can come of running LaTeX on an arbitrary computer. Unfortunately, this is not the case: In this article we describe how to exploit LaTeX to build a virus that spreads between documents on the MikTeX distribution on Windows XP as well as how to use malicious documents to steal data from web-based LaTeX previewer services.

Material

Reference

@article{checkoway-shacham-rescorla:texhack:login2010,
	author =	{Stephen Checkoway and Hovav Shacham and Eric Rescorla},
	title =		{Don't take {\LaTeX} files from strangers},
	year =		2010,
	month =		aug,
	journal =	{{;login:\@} The USENIX Magazine},
	volume =	35,
	number =	4,
	pages =		{17-22},
	url =           {https://stevecheckoway.github.io/papers/tex_login2010},
}