lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <6905b1570709210035m4fcca6afja8eafe4c7025b1d9@mail.gmail.com>
Date: Fri, 21 Sep 2007 08:35:54 +0100
From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
To: "Rohit Srivastwa" <rsrivastwa@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: 0day: PDF pwns Windows

back online - too many users ..

On 9/21/07, Rohit Srivastwa <rsrivastwa@...oo.com> wrote:
> And your website is down at this moment
>
> http://www.gnucitizen.org/   403
> http://www.gnucitizen.org/blog/   403
> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows 404
>
> Is it a reverse attack by someone hurt :)
>
> --Through the Firewall,Out the Router,Down the T1,Across the Backbone,Bounced from Satellite ---- Nothing but the Internet
>
> ----- Original Message ----
> From: pdp (architect) <pdp.gnucitizen@...glemail.com>
> To: bugtraq@...urityfocus.com; full-disclosure@...ts.grok.org.uk
> Sent: Thursday, September 20, 2007 6:51:33 PM
> Subject: [Full-disclosure] 0day: PDF pwns Windows
>
> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
>
> I am closing the season with the following HIGH Risk vulnerability:
> Adobe Acrobat/Reader PDF documents can be used to compromise your
> Windows box. Completely!!! Invisibly and unwillingly!!! All it takes
> is to open a PDF document or stumble across a page which embeds one.
>
> The issue is quite critical given the fact that PDF documents are in
> the core of today's modern business. This and the fact that it may
> take a while for Adobe to fix their closed source product, are the
> reasons why I am not going to publish any POCs. You have to take my
> word for it. The POCs will be released when an update is available.
>
> Adobe's representatives can contact me from the usual place. My advise
> for you is not to open any PDF files (locally or remotely). Other PDF
> viewers might be vulnerable too. The issues was verified on Windows XP
> SP2 with the latest Adobe Reader 8.1, although previous versions and
> other setups are also affected.
>
> A formal summary and conclusion of the GNUCITIZEN bug hunt to be expected soon.
>
> cheers
>
> --
> pdp (architect) | petko d. petkov
> http://www.gnucitizen.org
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
>
> ____________________________________________________________________________________
> Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
> http://smallbusiness.yahoo.com/webhosting
>


-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ