Full Disclosure mailing list archives
Re: 0-day PDF exploit
From: Justin Klein Keane <jukeane () sas upenn edu>
Date: Wed, 17 Oct 2007 11:26:15 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adobe has a work around (but doesn't seem to have a fix yet) for this vulnerability (which they categorize as "critical"). They also state (and testing seems to validate) that impact is limited to Windows XP machines with IE 7. http://www.adobe.com/support/security/advisories/apsa07-04.html Justin C. Klein Keane Sr. Programmer Analyst and Information Security Specialist University of Pennsylvania School of Arts and Sciences Computing 3600 Market St. Philadelphia, PA 19104 eric () rachner us wrote:
Why everybody said it is a zero day about PDF? it's just a fault in IE7, or just want to make a big media hit? real PDF zero day will exists in the PDF's file format, or some Adobe's expanded functions.Actually, it's about PDF *and* IE7. Both are at fault, and if either one of them was doing the right thing, the exploit would fail. The first fault is Adobe's. Because it's their code that first acquires the input from the attacker, it's their job IMHO to validate it properly, but they don't. Instead, they turn around and tell Windows to open the bogus URI. The second fault is IE7's. The protocol handler used to fail gracefully by rejecting this kind of malformed URI, but now it doesn't. The new behavior is to turn around and call ShellExecute() with data taken from the URI. I prefer to think of it this way: Adobe's code has been doing the wrong thing for years, and they've gotten lucky. But now, a new bug in IE7 has come along which makes the old bug in Adobe's code exploitable. - Eric _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFHFimWR4a3EW2yjlQRAk97AJ4qFK+BsYag6+wvyCtqfKe0BC1TdgCeOMIy d741rlxtPXXJEoDpVgrQpMQ= =IQ9P -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- 0-day PDF exploit biz4rre (Oct 16)
- Re: 0-day PDF exploit phioust (Oct 16)
- Re: 0-day PDF exploit biz4rre (Oct 16)
- Re: 0-day PDF exploit cocoruder . (Oct 16)
- Re: 0-day PDF exploit eric (Oct 17)
- Re: 0-day PDF exploit Justin Klein Keane (Oct 17)
- Re: 0-day PDF exploit cocoruder . (Oct 17)
- Re: 0-day PDF exploit eric (Oct 17)
- Re: 0-day PDF exploit gboyce (Oct 19)
- <Possible follow-ups>
- 0-day PDF exploit biz4rre (Oct 16)
- Re: 0-day PDF exploit full-disclosure (Oct 16)
- Re: 0-day PDF exploit full-disclosure (Oct 16)
- Re: 0-day PDF exploit full-disclosure (Oct 16)
- Re: 0-day PDF exploit full-disclosure (Oct 17)
- Re: 0-day PDF exploit phioust (Oct 16)