[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.62.0709201027590.8741@linuxbox.org>
Date: Thu, 20 Sep 2007 10:29:22 -0500 (CDT)
From: Gadi Evron <ge@...uxbox.org>
To: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: 0day: PDF pwns Windows
Impressive vulnerability, new. Not a 0day.
Not to start an argument again, but fact is, people stop calling
everything a 0day unless it is, say WMF, ANI, etc. exploited in the wild
without being known.
I don't like the mis-use of this buzzword.
Gadi.
On Thu, 20 Sep 2007, pdp (architect) wrote:
> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
>
> I am closing the season with the following HIGH Risk vulnerability:
> Adobe Acrobat/Reader PDF documents can be used to compromise your
> Windows box. Completely!!! Invisibly and unwillingly!!! All it takes
> is to open a PDF document or stumble across a page which embeds one.
>
> The issue is quite critical given the fact that PDF documents are in
> the core of today's modern business. This and the fact that it may
> take a while for Adobe to fix their closed source product, are the
> reasons why I am not going to publish any POCs. You have to take my
> word for it. The POCs will be released when an update is available.
>
> Adobe's representatives can contact me from the usual place. My advise
> for you is not to open any PDF files (locally or remotely). Other PDF
> viewers might be vulnerable too. The issues was verified on Windows XP
> SP2 with the latest Adobe Reader 8.1, although previous versions and
> other setups are also affected.
>
> A formal summary and conclusion of the GNUCITIZEN bug hunt to be expected soon.
>
> cheers
>
> --
> pdp (architect) | petko d. petkov
> http://www.gnucitizen.org
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists