Full Disclosure mailing list archives
Re: 0-day PDF exploit
From: "cocoruder ." <frankruder () hotmail com>
Date: Wed, 17 Oct 2007 01:38:40 +0000
Why everybody said it is a zero day about PDF? it's just a fault in IE7, or just want to make a big media hit? real PDF zero day will exists in the PDF's file format, or some Adobe's expanded functions.
welcome to my blog: http://ruder.cdut.net
From: biz4rre () gmail com To: full-disclosure () lists grok org uk Subject: [Full-disclosure] 0-day PDF exploit Date: Tue, 16 Oct 2007 15:00:14 +0300 Zero day PDF exploit for Adobe Acrobat Link to exploit: Please download and open it locally in Adobe Acrobat (not in Adobe Acrobat ActiveX control): http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf Description: 0-day proof of concept (PoC) exploit for Adobe Acrobat. Software affected: + Adobe Reader 8.1 (and earlier) + Adobe Acrobat Standard, Pro and Elements 8.1 (and earlier) + Adobe Acrobat 3D System affected: + Windows XP with IE7 Details: To view exploit code in Adobe Acrobat go to: Pages -> Page Properties -> Actions (trigger: Page Open, action: Open a web link) This is URL handling bug in shell32!ShellExecute() Workaround: Currently unavailable. Thanks to: pdp (at) gnucitizen.org for his investigation regards, cyanid-E <biz4rre () gmail com>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_________________________________________________________________享用世界上最大的电子邮件系统― MSN Hotmail。 http://www.hotmail.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- 0-day PDF exploit biz4rre (Oct 16)
- Re: 0-day PDF exploit phioust (Oct 16)
- Re: 0-day PDF exploit biz4rre (Oct 16)
- Re: 0-day PDF exploit cocoruder . (Oct 16)
- Re: 0-day PDF exploit eric (Oct 17)
- Re: 0-day PDF exploit Justin Klein Keane (Oct 17)
- Re: 0-day PDF exploit cocoruder . (Oct 17)
- Re: 0-day PDF exploit eric (Oct 17)
- Re: 0-day PDF exploit gboyce (Oct 19)
- <Possible follow-ups>
- 0-day PDF exploit biz4rre (Oct 16)
- Re: 0-day PDF exploit full-disclosure (Oct 16)
- Re: 0-day PDF exploit full-disclosure (Oct 16)
- Re: 0-day PDF exploit full-disclosure (Oct 16)
- Re: 0-day PDF exploit full-disclosure (Oct 17)
- Re: 0-day PDF exploit phioust (Oct 16)