Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 0day: PDF pwns Windows

From: silky <michaelslists () gmail com>
Date: Sun, 23 Sep 2007 09:45:06 +1000
On 9/22/07, Geo. <geoincidents () nls net> wrote:

pa> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
Is this the way responsible disclosure works these days ?
"Adobe?s representatives can contact me from the usual place."

Wow, now that's coordinated release. Knowing the bugs that you found
previously it should take 10 minutes to rediscover this one. Which
makes this even worse.


I just saw his video showing the exploit fireing up calculator, it looks
like the same stuff (feature/exploit call it what you want) that's been
around for years. See www.nthelp.com/test.pdf (warning, it won't damage
anything but it may scare you)


ps, if anyone cares, this exploit does not work on foxit pdf reader v1.3.

foxit rocks.

so lets not call it a 'pdf' vuln, but a 'adobe acrobat' vuln.





Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
mike
http://lets.coozi.com.au/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: