Full Disclosure mailing list archives
0-day PDF exploit
From: biz4rre () gmail com
Date: Tue, 16 Oct 2007 15:00:14 +0300
Zero day PDF exploit for Adobe Acrobat Link to exploit: Please download and open it locally in Adobe Acrobat (not in Adobe Acrobat ActiveX control): http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf Description: 0-day proof of concept (PoC) exploit for Adobe Acrobat. Software affected: + Adobe Reader 8.1 (and earlier) + Adobe Acrobat Standard, Pro and Elements 8.1 (and earlier) + Adobe Acrobat 3D System affected: + Windows XP with IE7 Details: To view exploit code in Adobe Acrobat go to: Pages -> Page Properties -> Actions (trigger: Page Open, action: Open a web link) This is URL handling bug in shell32!ShellExecute() Workaround: Currently unavailable. Thanks to: pdp (at) gnucitizen.org for his investigation regards, cyanid-E <biz4rre () gmail com>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- 0-day PDF exploit biz4rre (Oct 16)
- Re: 0-day PDF exploit phioust (Oct 16)
- Re: 0-day PDF exploit biz4rre (Oct 16)
- Re: 0-day PDF exploit cocoruder . (Oct 16)
- Re: 0-day PDF exploit eric (Oct 17)
- Re: 0-day PDF exploit Justin Klein Keane (Oct 17)
- Re: 0-day PDF exploit cocoruder . (Oct 17)
- Re: 0-day PDF exploit eric (Oct 17)
- Re: 0-day PDF exploit gboyce (Oct 19)
- <Possible follow-ups>
- 0-day PDF exploit biz4rre (Oct 16)
- Re: 0-day PDF exploit full-disclosure (Oct 16)
- Re: 0-day PDF exploit full-disclosure (Oct 16)
(Thread continues...)
- Re: 0-day PDF exploit phioust (Oct 16)