Re: odd Adobe Acrobat thing...

["Dave Korn" <davek_throwaway () hotmail com>]

----Original Message----
> From: Morning Wood
> Message-Id: BAY10-DAV15FB4ABD3CF6D1FADB80DED9E70 () phx gbl

> i noticed...
>
> simply rolling over a *.pdf on your desktop launches...
> C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

  Probably only if you have that godawful webview of folders switched on and
it's trying to render a little thumbnail to put at the bottom of the html
column on the left-hand-side, no?  I'm still on Acrobat 6.0 and it doesn't
do that, at least the way I have it configured.  Adobe have probably
implemented whatever COM interface it is that renders a thumbnail for
explorer in their shell extension between v6 and v7.

> im guessing Explorer is doing some odd things ( preloading on a rollover )
> ..reminds me of the jpg GDI exploit. i imagine if AcroRd32Info.exe is
> exploitable you could craft a bad .pdf with data to overflow that exe. ( a
> simple rollover would start the sploit )

  Yep, it's the exact same problem.  'doze is basically launching a viewer
application (ok, COM server) whenever you mouse over various types.  This is
as bad an idea as the option to make-things-seem-more-like-the-web
automatically launch files when you click on them once instead of twice, or
one-touch record on tape decks, or fire alarms with the glass pre-smashed,
or any other vital fool-proof safety measure that someone removed because it
was 'inconvenient' :-(

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/