| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Sep 2007 18:09:00 -0500 (CDT) From: Gadi Evron <ge@...uxbox.org> To: Joey Mengele <joey.mengele@...hmail.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, pdp.gnucitizen@...glemail.com Subject: Re: 0day: PDF pwns Windows On Thu, 20 Sep 2007, Joey Mengele wrote: > Dear Fatboy, > > Let's put aside for a minute the fact that you have no idea what You like people on the heavy side? Psst... call me. > you are talking about and let's also, for the benefit of this very > valuable debate, assume your definition is correct. First, please > prove this bug was never used in the wild. After that, please prove > your credibility in the realm of defining words related to illegal > computer hacking. Thanks. > > J > > P.S. Talking about botnets doesn't count to satisfy part 1 OR part 2 > > ___ > "If today I stand here as a revolutionary, it is as a revolutionary > against the Revolution." > > > On Thu, 20 Sep 2007 11:29:22 -0400 Gadi Evron <ge@...uxbox.org> > wrote: >> Impressive vulnerability, new. Not a 0day. >> >> Not to start an argument again, but fact is, people stop calling >> everything a 0day unless it is, say WMF, ANI, etc. exploited in >> the wild >> without being known. >> >> I don't like the mis-use of this buzzword. >> >> Gadi. >> >> >> On Thu, 20 Sep 2007, pdp (architect) wrote: >> >>> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows >>> >>> I am closing the season with the following HIGH Risk >> vulnerability: >>> Adobe Acrobat/Reader PDF documents can be used to compromise >> your >>> Windows box. Completely!!! Invisibly and unwillingly!!! All it >> takes >>> is to open a PDF document or stumble across a page which embeds >> one. >>> >>> The issue is quite critical given the fact that PDF documents >> are in >>> the core of today's modern business. This and the fact that it >> may >>> take a while for Adobe to fix their closed source product, are >> the >>> reasons why I am not going to publish any POCs. You have to take >> my >>> word for it. The POCs will be released when an update is >> available. >>> >>> Adobe's representatives can contact me from the usual place. My >> advise >>> for you is not to open any PDF files (locally or remotely). >> Other PDF >>> viewers might be vulnerable too. The issues was verified on >> Windows XP >>> SP2 with the latest Adobe Reader 8.1, although previous versions >> and >>> other setups are also affected. >>> >>> A formal summary and conclusion of the GNUCITIZEN bug hunt to be >> expected soon. >>> >>> cheers >>> >>> -- >>> pdp (architect) | petko d. petkov >>> http://www.gnucitizen.org >>> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > -- > Click now for accounting software that's a huge plus! > http://tagline.hushmail.com/fc/Ioyw6h4eooFnoPRHh77yKi8qPMTyf03wCE9icEun2cA0zQJXBBid3w/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists