lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <432127.83847.qm@web54410.mail.yahoo.com>
Date: Fri, 21 Sep 2007 00:00:10 -0700 (PDT)
From: Rohit Srivastwa <rsrivastwa@...oo.com>
To: "pdp (architect)" <pdp.gnucitizen@...glemail.com>,
	bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] 0day: PDF pwns Windows

And your website is down at this moment

http://www.gnucitizen.org/   403
http://www.gnucitizen.org/blog/   403
http://www.gnucitizen.org/blog/0day-pdf-pwns-windows 404

Is it a reverse attack by someone hurt :)
 
--Through the Firewall,Out the Router,Down the T1,Across the Backbone,Bounced from Satellite ---- Nothing but the Internet

----- Original Message ----
From: pdp (architect) <pdp.gnucitizen@...glemail.com>
To: bugtraq@...urityfocus.com; full-disclosure@...ts.grok.org.uk
Sent: Thursday, September 20, 2007 6:51:33 PM
Subject: [Full-disclosure] 0day: PDF pwns Windows

http://www.gnucitizen.org/blog/0day-pdf-pwns-windows

I am closing the season with the following HIGH Risk vulnerability:
Adobe Acrobat/Reader PDF documents can be used to compromise your
Windows box. Completely!!! Invisibly and unwillingly!!! All it takes
is to open a PDF document or stumble across a page which embeds one.

The issue is quite critical given the fact that PDF documents are in
the core of today's modern business. This and the fact that it may
take a while for Adobe to fix their closed source product, are the
reasons why I am not going to publish any POCs. You have to take my
word for it. The POCs will be released when an update is available.

Adobe's representatives can contact me from the usual place. My advise
for you is not to open any PDF files (locally or remotely). Other PDF
viewers might be vulnerable too. The issues was verified on Windows XP
SP2 with the latest Adobe Reader 8.1, although previous versions and
other setups are also affected.

A formal summary and conclusion of the GNUCITIZEN bug hunt to be expected soon.

cheers

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





       
____________________________________________________________________________________
Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
http://smallbusiness.yahoo.com/webhosting 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ