| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Sep 2007 08:35:54 +0100 From: "pdp (architect)" <pdp.gnucitizen@...glemail.com> To: "Rohit Srivastwa" <rsrivastwa@...oo.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: 0day: PDF pwns Windows back online - too many users .. On 9/21/07, Rohit Srivastwa <rsrivastwa@...oo.com> wrote: > And your website is down at this moment > > http://www.gnucitizen.org/ 403 > http://www.gnucitizen.org/blog/ 403 > http://www.gnucitizen.org/blog/0day-pdf-pwns-windows 404 > > Is it a reverse attack by someone hurt :) > > --Through the Firewall,Out the Router,Down the T1,Across the Backbone,Bounced from Satellite ---- Nothing but the Internet > > ----- Original Message ---- > From: pdp (architect) <pdp.gnucitizen@...glemail.com> > To: bugtraq@...urityfocus.com; full-disclosure@...ts.grok.org.uk > Sent: Thursday, September 20, 2007 6:51:33 PM > Subject: [Full-disclosure] 0day: PDF pwns Windows > > http://www.gnucitizen.org/blog/0day-pdf-pwns-windows > > I am closing the season with the following HIGH Risk vulnerability: > Adobe Acrobat/Reader PDF documents can be used to compromise your > Windows box. Completely!!! Invisibly and unwillingly!!! All it takes > is to open a PDF document or stumble across a page which embeds one. > > The issue is quite critical given the fact that PDF documents are in > the core of today's modern business. This and the fact that it may > take a while for Adobe to fix their closed source product, are the > reasons why I am not going to publish any POCs. You have to take my > word for it. The POCs will be released when an update is available. > > Adobe's representatives can contact me from the usual place. My advise > for you is not to open any PDF files (locally or remotely). Other PDF > viewers might be vulnerable too. The issues was verified on Windows XP > SP2 with the latest Adobe Reader 8.1, although previous versions and > other setups are also affected. > > A formal summary and conclusion of the GNUCITIZEN bug hunt to be expected soon. > > cheers > > -- > pdp (architect) | petko d. petkov > http://www.gnucitizen.org > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > ____________________________________________________________________________________ > Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. > http://smallbusiness.yahoo.com/webhosting > -- pdp (architect) | petko d. petkov http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists