Impressive vulnerability, new. Not a 0day.
Not to start an argument again, but fact is, people stop calling
everything a 0day unless it is, say WMF, ANI, etc. exploited in
the wild
without being known.
I don't like the mis-use of this buzzword.
Gadi.
On Thu, 20 Sep 2007, pdp (architect) wrote:
http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
I am closing the season with the following HIGH Risk
vulnerability:
Adobe Acrobat/Reader PDF documents can be used to compromise
your
Windows box. Completely!!! Invisibly and unwillingly!!! All it
takes
is to open a PDF document or stumble across a page which embeds
one.
The issue is quite critical given the fact that PDF documents
are in
the core of today's modern business. This and the fact that it
may
take a while for Adobe to fix their closed source product, are
the
reasons why I am not going to publish any POCs. You have to take
my
word for it. The POCs will be released when an update is
available.
Adobe's representatives can contact me from the usual place. My
advise
for you is not to open any PDF files (locally or remotely).
Other PDF
viewers might be vulnerable too. The issues was verified on
Windows XP
SP2 with the latest Adobe Reader 8.1, although previous versions
and
other setups are also affected.
A formal summary and conclusion of the GNUCITIZEN bug hunt to be
expected soon.
cheers
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/