Dailydave mailing list archives
Re: 0day, it may not be
From: "I)ruid" <druid () caughq org>
Date: Thu, 01 Apr 2010 11:35:20 -0500
On Thu, 2010-04-01 at 07:52 -0700, dave wrote:
> https://forum.immunityinc.com/board/thread/1199/exploiting-pdf-files-without-vulnerabili/?page=1#post-1199
>
> D2 points out rightfully that everyone with the D2 CANVAS Exploit Pack (email admin () immunityinc com now for pricing! :>) has known about this particular feature of PDF's for over two years. D2 comes with an NDA, so it's not surprising it's not "General Knowledge" but the well-funded among you should at least stop acting so surprised. :>

Honestly, I thought pretty much anyone that has spent any amount of time looking at PDFs was probably aware of the Launch action. I wrote a light PDF generator a couple years ago and discovered the ability to Launch commands in relatively short order, but didn't think it anything interesting as it required user interaction via prompting the user with a dialog. The interesting bits of the recent report are that the Foxit reader specifically does *not* require user interaction[1], and the ability to partially control the dialog message that is displayed to the user in Adobe Reader[2]. The underlying mechanism of being able to execute commands from within a PDF however is fairly well-known and nothing new, as your post also illustrates.

[1] http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
[2] http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/

--
I)ruid, C²ISSP
druid () caughq org
http://druid.caughq.org
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
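
For defenders triaging documents, the following is an added example (not part of the original post or of any tool it mentions) that flags Launch action dictionaries in raw PDF bytes, including names obfuscated with `#xx` hex escapes. The function names and sample fragments are constructed for illustration, and it assumes the action sits in an uncompressed object; compressed object streams would need inflating first.

```python
import re

# PDF names may hex-escape any character as #xx (e.g. /L#61unch == /Launch).
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
# An action dictionary selects its type with the /S key: /S /Launch
_LAUNCH_ACTION = re.compile(rb"/S\s*/Launch(?![A-Za-z0-9])")
# Keys that can carry the launch target inside a Launch action dictionary.
_TARGET_KEYS = (b"/Win", b"/Mac", b"/Unix", b"/F")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes inside name tokens so obfuscated names compare equal."""
    def decode(match):
        name = _HEX_ESCAPE.sub(lambda h: bytes([int(h.group(1), 16)]), match.group(1))
        return b"/" + name
    return _NAME.sub(decode, data)


def find_launch_actions(data: bytes, window: int = 200):
    """Return one record per Launch action found (offsets refer to normalized data)."""
    norm = normalize_names(data)
    hits = []
    for m in _LAUNCH_ACTION.finditer(norm):
        context = norm[max(0, m.start() - window): m.end() + window]
        keys = [k.decode() for k in _TARGET_KEYS
                if re.search(re.escape(k) + rb"(?![A-Za-z0-9])", context)]
        hits.append({"offset": m.start(), "target_keys": keys})
    return hits


# Constructed sample fragments (inert placeholder targets, not real files).
SAMPLE_PLAIN = b"1 0 obj\n<< /Type /Action /S /Launch /Win << /F (example-target) >> >>\nendobj\n"
SAMPLE_OBFUSCATED = b"2 0 obj\n<< /Type /Action /S /L#61unch /F (example-target) >>\nendobj\n"
SAMPLE_BENIGN = b"3 0 obj\n<< /Type /Action /S /URI /URI (http://example.com/) >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN),
                        ("obfuscated", SAMPLE_OBFUSCATED),
                        ("benign", SAMPLE_BENIGN)):
        print(label, find_launch_actions(blob))
```

A hit is a reason to quarantine or inspect the file, since the reader behaviour described above differs between products.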