lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <46F2A5E9.2050806@secniche.org>
Date: Thu, 20 Sep 2007 09:55:05 -0700
From: Aditya K Sood <zeroknock@...niche.org>
To: "pdp (architect)" <pdp.gnucitizen@...glemail.com>, 
	bugtraq@...urityfocus.com,  full-disclosure@...ts.grok.org.uk
Subject: Re: 0day: PDF pwns Windows

pdp (architect) wrote:
> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
>
> I am closing the season with the following HIGH Risk vulnerability:
> Adobe Acrobat/Reader PDF documents can be used to compromise your
> Windows box. Completely!!! Invisibly and unwillingly!!! All it takes
> is to open a PDF document or stumble across a page which embeds one.
>
> The issue is quite critical given the fact that PDF documents are in
> the core of today's modern business. This and the fact that it may
> take a while for Adobe to fix their closed source product, are the
> reasons why I am not going to publish any POCs. You have to take my
> word for it. The POCs will be released when an update is available.
>
> Adobe's representatives can contact me from the usual place. My advise
> for you is not to open any PDF files (locally or remotely). Other PDF
> viewers might be vulnerable too. The issues was verified on Windows XP
> SP2 with the latest Adobe Reader 8.1, although previous versions and
> other setups are also affected.
>
> A formal summary and conclusion of the GNUCITIZEN bug hunt to be expected soon.
>
> cheers
>
>   
Hi

         Your point is right. But there are a number of factors other 
than this
in exploiting pdf  in other sense. My latest research is working over the
exploitation of PDF.

Even if you look at the core then there are no restriction on READ in PDF
in most of the versions. Only outbound data is filtered to some extent. you
can even read /etc/passwd file from inside of PDF.

Other infection vector includes infection through Local Area Networks 
through
sharing and printing PDF docs and all.

My upcoming research feature everything regarding this and the issue you 
have
already discussed.

Regards
Aks
http://ww.secniche.org

                 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ