Bugtraq mailing list archives
Re: 0day: PDF pwns Windows
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Fri, 21 Sep 2007 08:37:32 +0100
None of them are related to this vulnerability. As far as I know, the issue is brand new. On 9/21/07, Antivirus Taneja <taneja.security () gmail com> wrote:
Hi, Too interesting and dangerous....Last couple of months there were PDF spamming (Stocks Information) all over the internet..I analyzed those PDF i didn't find any such thing....Did you checked them? Are they related to any vulnerability? Regards, Taneja Vikas http://annysoft.wordpress.com On 9/20/07, pdp (architect) <pdp.gnucitizen () googlemail com> wrote:My upcoming research feature everything regarding this and the issue you have already discussed.really :).. which one... the one from last year? On 9/20/07, Aditya K Sood <zeroknock () secniche org> wrote:pdp (architect) wrote:http://www.gnucitizen.org/blog/0day-pdf-pwns-windows I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one. The issue is quite critical given the fact that PDF documents are in the core of today's modern business. This and the fact that it may take a while for Adobe to fix their closed source product, are the reasons why I am not going to publish any POCs. You have to take my word for it. The POCs will be released when an update is available. Adobe's representatives can contact me from the usual place. My advise for you is not to open any PDF files (locally or remotely). Other PDF viewers might be vulnerable too. The issues was verified on Windows XP SP2 with the latest Adobe Reader 8.1, although previous versions and other setups are also affected. A formal summary and conclusion of the GNUCITIZEN bug hunt to beexpected soon.cheersHi Your point is right. But there are a number of factors other than this in exploiting pdf in other sense. My latest research is working overtheexploitation of PDF. Even if you look at the core then there are no restriction on READ inin most of the versions. Only outbound data is filtered to some extent.youcan even read /etc/passwd file from inside of PDF. Other infection vector includes infection through Local Area Networks through sharing and printing PDF docs and all. My upcoming research feature everything regarding this and the issue you have already discussed. Regards Aks http://ww.secniche.org-- pdp (architect) | petko d. petkov http://www.gnucitizen.org
-- pdp (architect) | petko d. petkov http://www.gnucitizen.org
Current thread:
- Re: defining 0day, (continued)
- Re: defining 0day Charles Miller (Sep 25)
- Re: defining 0day Gadi Evron (Sep 25)
- Re: defining 0day Zow (Sep 27)
- Re: defining 0day Chad Perrin (Sep 27)
- RE: defining 0day Marvin Simkin (Sep 28)
- Re: defining 0day Chad Perrin (Sep 28)
- Re: 0day: PDF pwns Windows Steve Shockley (Sep 25)
- Re: 0day: PDF pwns Windows Iggy E (Sep 25)
- Re: 0day: PDF pwns Windows pdp (architect) (Sep 20)
- Message not available
- Re: 0day: PDF pwns Windows pdp (architect) (Sep 21)
- Re: [Full-disclosure] 0day: PDF pwns Windows Kevin Finisterre (lists) (Sep 21)
- Re: [Full-disclosure] 0day: PDF pwns Windows Aaron Collins (Sep 21)
- Re: Re: 0day: PDF pwns Windows Lamont Granquist (Sep 24)