Dailydave mailing list archives

Re: 0day, it may not be


From: Rob Fuller <jd.mubix () gmail com>
Date: Thu, 1 Apr 2010 12:56:57 -0400

Linking to a PDF on April Fools Day after just pointing out a PDF binder in
the D2 pack... nice

Also, Didier isn't pointing out the /launch function as it has been included
in Metasploit for quite a while as well. He is (as I understand it) pointing
out that his semi-control of the error box lends itself to be much
less suspicious than the "C:\WINDOWS\System32\cmd.exe /C @CD..." etc that
the current PDF binders display.


--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com
Ignore this:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*



On Thu, Apr 1, 2010 at 10:52 AM, dave <dave () immunityinc com> wrote:


https://forum.immunityinc.com/board/thread/1199/exploiting-pdf-files-without-vulnerabili/?page=1#post-1199

D2 points out rightfully that everyone with the D2 CANVAS Exploit Pack
(email admin () immunityinc com now for pricing! :>) has known about this
particular feature of PDFs for over two years. D2 comes with an NDA, so
it's not surprising it's not "General Knowledge" but the well-funded
among you should at least stop acting so surprised. :>

Speaking of funding, Immunity is hiring.
https://www.immunityinc.com/downloads/OpeningsApril2010.pdf

We should play a game of "functions you can use to bypass DEP" - first
person to reach 100 wins?

-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
