Dailydave mailing list archives
Re: 0day, it may not be
From: Thierry Zoller <Thierry () Zoller lu>
Date: Fri, 2 Apr 2010 10:47:04 +0200
Hi List,
The interesting bits of the recent report is that the Foxit reader specifically does *not* require user interaction[1], and the ability to partially control the dialog message that is displayed to the user in Adobe Reader[2].
Besides the fact that this is a few years old - This was reported by C0RE on Bugtraq last year, independently did a blog post here[2]. Heads Up to CORE for crediting my blog entry in their advisory by the way. Quote: "2009-03-05: Core informs the vendor that the authorization bypass bug has been independently discovered by another security researcher and published on the Internet." <- That was the same bug. [1] http://seclists.org/bugtraq/2009/Mar/92 | http://www.coresecurity.com/content/foxit-reader-vulnerabilities [2] http://blog.zoller.lu/2009/03/remote-code-execution-in-pdf-still.html -- http://blog.zoller.lu Thierry Zoller _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- 0day, it may not be dave (Apr 01)
- Re: 0day, it may not be I)ruid (Apr 01)
- Re: 0day, it may not be Thierry Zoller (Apr 02)
- Re: 0day, it may not be Nate Lawson (Apr 01)
- Re: 0day, it may not be Rob Fuller (Apr 01)
- Re: 0day, it may not be cocoruder . (Apr 02)
- Re: 0day, it may not be Nicolas RUFF (Apr 02)
- Re: 0day, it may not be I)ruid (Apr 01)