funsec mailing list archives
Re: Adobe 0-day in the wild
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Tue, 24 Feb 2009 12:26:49 +0200 (EET)
It appears that the first Milw0rm PoC is surely related to JBIG2, US-CERT's http://www.kb.cert.org/vuls/id/905281 points to Milw0rm's #8090. Juha-Matti nick hatch [nicholas.hatch () gmail com] kirjoitti:
On Mon, Feb 23, 2009 at 1:56 PM, Dragos Ruiu <dr () kyx net> wrote:On 23-Feb-09, at 1:16 PM, nick hatch wrote: Anyone know about a proof-of-concept PDF for this one? eg something that uses a PDF to launch calc or similar. AV vendors are promising detection, but I'd love to get my hands on something that I can use to test our perimeter and the vectors for this myself. Are you talking about last week's Adobe PDF 0day, or this morning's one? http://milw0rm.com/exploits/8099I was thinking last week's, but they both would be handy. Can anyone comment more on the relationship between the exploits? They sound quite similar, and AFAIK there still aren't many details on the former besides Shadowserver saying "yup we confirmed it." Do they both depend on JBIG2?
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Adobe 0-day in the wild, (continued)
- Re: Adobe 0-day in the wild rackow (Feb 23)
- Re: Adobe 0-day in the wild nick hatch (Feb 23)
- Re: Adobe 0-day in the wild Dragos Ruiu (Feb 23)
- Re: Adobe 0-day in the wild Charles Miller (Feb 23)
- Re: Adobe 0-day in the wild nick hatch (Feb 23)
- Re: Adobe 0-day in the wild Dragos Ruiu (Feb 23)
- Re: Adobe 0-day in the wild rackow (Feb 23)
- Re: Adobe 0-day in the wild rackow (Feb 21)
- Re: Adobe 0-day in the wild Jon Kibler (Feb 24)
- Re: Adobe 0-day in the wild nick hatch (Feb 24)