| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Jul 4 14:46:33 2005
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: odd Adobe Acrobat thing...
----Original Message----
>From: Morning Wood
>Message-Id: BAY10-DAV15FB4ABD3CF6D1FADB80DED9E70@....gbl
> i noticed...
>
> simply rolling over a *.pdf on your desktop launches...
> C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
Probably only if you have that godawful webview of folders switched on and
it's trying to render a little thumbnail to put at the bottom of the html
column on the left-hand-side, no? I'm still on Acrobat 6.0 and it doesn't
do that, at least the way I have it configured. Adobe have probably
implemented whatever COM interface it is that renders a thumbnail for
explorer in their shell extension between v6 and v7.
> im guessing Explorer is doing some odd things ( preloading on a rollover )
> ..reminds me of the jpg GDI exploit. i imagine if AcroRd32Info.exe is
> exploitable you could craft a bad .pdf with data to overflow that exe. ( a
> simple rollover would start the sploit )
Yep, it's the exact same problem. 'doze is basically launching a viewer
application (ok, COM server) whenever you mouse over various types. This is
as bad an idea as the option to make-things-seem-more-like-the-web
automatically launch files when you click on them once instead of twice, or
one-touch record on tape decks, or fire alarms with the glass pre-smashed,
or any other vital fool-proof safety measure that someone removed because it
was 'inconvenient' :-(
cheers,
DaveK
--
Can't think of a witty .sigline today....
Powered by blists - more mailing lists