Re: 0day: PDF pwns Windows

To: "Aditya K Sood" <zeroknock@xxxxxxxxxxxx>
Subject: Re: 0day: PDF pwns Windows
From: "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>
Date: Thu, 20 Sep 2007 17:28:35 +0100
Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=PRsDGD1KfRIqlxNsRAwThLwffoPf3bX1MpBGWSs6ezQ=; b=jIBh13vsAhry+4Q6np9iYRUFj0MXegZyv+9ZZ1bVaTIE9anGDHtmrwpnijJCp98i58OHCBxb2ddlq7PavZY4eTNnDz+izbAb9jk+delLGEdZRWHkxvogivCmRu8drAzW6cTLZA0MExCTM2eRnofBfNw94PcyAzr9UtcyM1Jg+zs=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=smowL9SW05eZxwlS5drxJKeZb9pZPMCl77Y/+QqAjiVn3C416K1n1QT+wkLDvhczTMPKAKIMvHUwrEfIn8NsBqeP9VOL7s/3rOIhdOXxZURq3IxOPp7v6me8BY6pFZBkbw6VY1s/kRT74XnNwIMFghs10zQKZGCAGPXGI76KV3M=
In-reply-to: <46F2A5E9.2050806@xxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <6905b1570709200621l2424978cr85de6a4c6939c283@xxxxxxxxxxxxxx> <46F2A5E9.2050806@xxxxxxxxxxxx>

> My upcoming research feature everything regarding this and the issue you
> have
> already discussed.

really :).. which one... the one from last year?

On 9/20/07, Aditya K Sood <zeroknock@xxxxxxxxxxxx> wrote:
> pdp (architect) wrote:
> > http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
> >
> > I am closing the season with the following HIGH Risk vulnerability:
> > Adobe Acrobat/Reader PDF documents can be used to compromise your
> > Windows box. Completely!!! Invisibly and unwillingly!!! All it takes
> > is to open a PDF document or stumble across a page which embeds one.
> >
> > The issue is quite critical given the fact that PDF documents are in
> > the core of today's modern business. This and the fact that it may
> > take a while for Adobe to fix their closed source product, are the
> > reasons why I am not going to publish any POCs. You have to take my
> > word for it. The POCs will be released when an update is available.
> >
> > Adobe's representatives can contact me from the usual place. My advise
> > for you is not to open any PDF files (locally or remotely). Other PDF
> > viewers might be vulnerable too. The issues was verified on Windows XP
> > SP2 with the latest Adobe Reader 8.1, although previous versions and
> > other setups are also affected.
> >
> > A formal summary and conclusion of the GNUCITIZEN bug hunt to be expected 
> > soon.
> >
> > cheers
> >
> >
> Hi
>
>          Your point is right. But there are a number of factors other
> than this
> in exploiting pdf  in other sense. My latest research is working over the
> exploitation of PDF.
>
> Even if you look at the core then there are no restriction on READ in PDF
> in most of the versions. Only outbound data is filtered to some extent. you
> can even read /etc/passwd file from inside of PDF.
>
> Other infection vector includes infection through Local Area Networks
> through
> sharing and printing PDF docs and all.
>
> My upcoming research feature everything regarding this and the issue you
> have
> already discussed.
>
> Regards
> Aks
> http://ww.secniche.org
>
>
>


-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

References:
- 0day: PDF pwns Windows
  - From: pdp (architect)
- Re: 0day: PDF pwns Windows
  - From: Aditya K Sood

Prev by Date: Re: Security Advisory for Bugzilla 3.0.1 and 3.1.1
Next by Date: PhpBB Xs 2 profile.php Permanent Xss Vulnerability
Previous by thread: Re: 0day: PDF pwns Windows
Next by thread: Re: 0day: PDF pwns Windows
Index(es):
- Date
- Thread