| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Sep 2007 09:45:06 +1000 From: silky <michaelslists@...il.com> To: Geo. <geoincidents@....net> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: 0day: PDF pwns Windows On 9/22/07, Geo. <geoincidents@....net> wrote: > > pa> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows > > Is this the way responsible disclosure works these days ? > > "Adobe?s representatives can contact me from the usual place." > > > > Wow, now that's coordinated release. Knowing the bugs that you found > > previously it should take 10 minutes to rediscover this one. Which > > makes this even worse. > > I just saw his video showing the exploit fireing up calculator, it looks > like the same stuff (feature/exploit call it what you want) that's been > around for years. See www.nthelp.com/test.pdf (warning, it won't damage > anything but it may scare you) ps, if anyone cares, this exploit does not work on foxit pdf reader v1.3. foxit rocks. so lets not call it a 'pdf' vuln, but a 'adobe acrobat' vuln. > Geo. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- mike http://lets.coozi.com.au/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists