| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Oct 2007 13:11:36 -0400 From: <full-disclosure@...hmail.com> To: <biz4rre@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: 0-day PDF exploit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You're about as funny as the severity of your hacking tools or something. On Tue, 16 Oct 2007 13:07:48 -0400 biz4rre@...il.com wrote: >negative. just a ':' and ')' concatenated characters > >with love, >cyanid-E > >2007/10/16, full-disclosure@...hmail.com <full- >disclosure@...hmail.com>: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Theoretically that is a smiley face right? >> >> On Tue, 16 Oct 2007 11:56:47 -0400 biz4rre@...il.com wrote: >> >:) >> > >> >2007/10/16, full-disclosure@...hmail.com <full- >> >disclosure@...hmail.com>: >> >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Hash: SHA1 >> >> >> >> Dear 3APAPA, >> >> >> >> Please configure your Internet Exploring mechanisms in a >fashion >> >> compliant with my exploitation technologies to demonstrate >the >> >> severity of my proof of concept attack tools. Here is a list >of >> >> criteria to fulfill to make the hacker attack possible. This >is >> >> severe! Millions who follow the instructions in detail might >be >> >> vulnerable under the right situations sometimes... yawn. >> >> >> >> - -JP<i dont use apostrophes> >> >> >> >> On Tue, 16 Oct 2007 11:27:23 -0400 biz4rre@...il.com wrote: >> >> >...some additional information about 0day PDF exploit PoC: >> >> > >> >> >Please download and open PDF PoC _locally_ in Adobe Acrobat >> >(not >> >> >in Adobe >> >> >Acrobat ActiveX control >> >> >because of some internal restrictions within Adobe ActiveX, >it >> >may >> >> >be >> >> >bypassed via: >> >> >http://seclists.org/bugtraq/2007/Oct/0213.html but i didn't >> >made >> >> >tests). >> >> > >> >> >Also make sure that "mailto" handler is set to Internet >> >Explorer 7 >> >> >(any 3rd >> >> >party mail >> >> >clients is not installed). >> >> > >> >> >PoC tested on WinXP SP2 Eng updated + Internet Explorer 7 + >> >Adobe >> >> >Acrobat >> >> >Reader 8.1 >> >> > >> >> >PoC: http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf >> >> >Details: http://security.fedora- >> >hosting.com/0day/pdf/pdf_poc.txt >> >> > >> >> > >> >> >regards, >> >> >cyanid-E <biz4rre@...il.com> >> >> -----BEGIN PGP SIGNATURE----- >> >> Note: This signature can be verified at >> >https://www.hushtools.com/verify >> >> Charset: UTF8 >> >> Version: Hush 2.5 >> >> >> >> >> >>wpwEAQECAAYFAkcU2sAACgkQ+dWaEhErNvTD2AP9GWi6tgjXfSS6mmSEcNXCngEnJA >X >> >f >> >> >> >>8p8i57pby3KmK6Os29OeesSIedRgM81MxrF8bZ2itPpNYtyrVAC5ztWEfAVJDP01z9 >C >> >L >> >> >> >>93B9OS/IdedZSvXokQAHrtEdO6wZHarddeE772GG3RfWlY5a/SA8agWUIkGAALugJy >v >> >R >> >> gPyqE40= >> >> =sCNw >> >> -----END PGP SIGNATURE----- >> >> >> >> >> >> >> -----BEGIN PGP SIGNATURE----- >> Note: This signature can be verified at >https://www.hushtools.com/verify >> Charset: UTF8 >> Version: Hush 2.5 >> >> >wpwEAQECAAYFAkcU7oUACgkQ+dWaEhErNvTuzAP/bgT6FkLr1a/g4ICZ+G+vIFympNG >2 >> >LRHvwum/30YdR4i3SCeASVioRI7N4Cty6cH0jKjF2DMp/uRJORsdHFXv4lJnquGo2lV >H >> >li1RC5L8XsJkQ15S6MlHfIGPUvQri60h8DZwEtHn5eKzi8pQmTcBR8EKq9LkbrCMrnM >l >> ObNbaRU= >> =gaS9 >> -----END PGP SIGNATURE----- >> >> >> -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkcU8MgACgkQ+dWaEhErNvR8pQP/d3WTIy9grtZOnVXBUkIGN8PskQkY 9c/UqQwTsWYvhbH18zcwI/5KGeBRKU3EoNvSsg2fVUQMAlG+V7HkkcVB389RkrntSlsq nLDBDy5e6Rf7lGsENwCT0RWq8nCIhO7cKjrMGaUfR/jC5c4F13JJEgqC4j20wjG9FP6Y aoH2Qms= =ZERQ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists