| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20071017180105.A7FEC22848@mailserver10.hushmail.com> Date: Wed, 17 Oct 2007 14:01:05 -0400 From: <full-disclosure@....hush.com> To: <full-disclosure@...ts.grok.org.uk>,<jukeane@....upenn.edu> Subject: Re: 0-day PDF exploit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 They are just covering their asses in case someone figures out a scenario where this bug is actually useful, and tries going on a media whoring campaign talking about how evil Adobe is for not originally rating the vulnerability higher. You bunch of whiny, prissy homo fucks. On Wed, 17 Oct 2007 11:26:15 -0400 Justin Klein Keane <jukeane@....upenn.edu> wrote: >Adobe has a work around (but doesn't seem to have a fix yet) for >this >vulnerability (which they categorize as "critical"). They also >state >(and testing seems to validate) that impact is limited to Windows >XP >machines with IE 7. > >http://www.adobe.com/support/security/advisories/apsa07-04.html > > >Justin C. Klein Keane > >Sr. Programmer Analyst and Information Security Specialist >University of Pennsylvania >School of Arts and Sciences Computing >3600 Market St. >Philadelphia, PA 19104 > >eric@...hner.us wrote: >>> Why everybody said it is a zero day about PDF? it's just a >fault in >>> IE7, or just want to make a big media hit? real PDF zero day >will >>> exists in the PDF's file format, or some Adobe's expanded >functions. >> >> Actually, it's about PDF *and* IE7. Both are at fault, and if >either >> one of them was doing the right thing, the exploit would fail. >> >> The first fault is Adobe's. Because it's their code that first > >> acquires the input from the attacker, it's their job IMHO to >validate >> it properly, but they don't. Instead, they turn around and tell > >> Windows to open the bogus URI. >> >> The second fault is IE7's. The protocol handler used to fail >> gracefully by rejecting this kind of malformed URI, but now it >> doesn't. The new behavior is to turn around and call >ShellExecute() >> with data taken from the URI. >> >> I prefer to think of it this way: Adobe's code has been doing >the >> wrong thing for years, and they've gotten lucky. But now, a new >bug >> in IE7 has come along which makes the old bug in Adobe's code >> exploitable. >> >> - Eric >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkcWTeEACgkQqTTbVuUWvbL7LgP/b8ib2UBMcPrOyi3cVtFtveVObHlP p1h19e9S1b4AX8POCp/C1+ZnoqIv51iAEgAQVAaRTewpk/JDuDMq2D34+qGQis5l3Tvv Nm37F96N3WTZ8B20CFMLAnumQXwVHaXo4u3pbpgEW3C6oYApd8uYqG/PuBYn5LzTQNqt g8VyM/g= =oTlt -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists