Full Disclosure mailing list archives
Re: 0day: PDF pwns Windows
From: Gadi Evron <ge () linuxbox org>
Date: Thu, 20 Sep 2007 18:09:00 -0500 (CDT)
On Thu, 20 Sep 2007, Joey Mengele wrote:
> Dear Fatboy,
>
> Let's put aside for a minute the fact that you have no idea what

You like people on the heavy side? Psst... call me.

> you are talking about and let's also, for the benefit of this very valuable debate, assume your definition is correct. First, please prove this bug was never used in the wild. After that, please prove your credibility in the realm of defining words related to illegal computer hacking. Thanks.
>
> J
>
> P.S. Talking about botnets doesn't count to satisfy part 1 OR part 2
>
> ___
> "If today I stand here as a revolutionary, it is as a revolutionary against the Revolution."
>
> On Thu, 20 Sep 2007 11:29:22 -0400 Gadi Evron <ge () linuxbox org> wrote:
>> Impressive vulnerability, new. Not a 0day.
>>
>> Not to start an argument again, but fact is, people stop calling everything a 0day unless it is, say WMF, ANI, etc. exploited in the wild without being known.
>>
>> I don't like the mis-use of this buzzword.
>>
>> Gadi.
>>
>> On Thu, 20 Sep 2007, pdp (architect) wrote:
>>> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
>>>
>>> I am closing the season with the following HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.
>>>
>>> The issue is quite critical given the fact that PDF documents are in the core of today's modern business. This and the fact that it may take a while for Adobe to fix their closed source product, are the reasons why I am not going to publish any POCs. You have to take my word for it. The POCs will be released when an update is available.
>>>
>>> Adobe's representatives can contact me from the usual place. My advice for you is not to open any PDF files (locally or remotely). Other PDF viewers might be vulnerable too. The issue was verified on Windows XP SP2 with the latest Adobe Reader 8.1, although previous versions and other setups are also affected.
>>>
>>> A formal summary and conclusion of the GNUCITIZEN bug hunt to be expected soon.
>>>
>>> cheers
>>>
>>> --
>>> pdp (architect) | petko d. petkov
>>> http://www.gnucitizen.org
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/