Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

0day: PDF pwns Windows

from [pdp (architect)] Network Security [Permanent Link]
Subject: 0day: PDF pwns Windows
Date: Thu, 20 Sep 2007 14:21:33 +0100 
http://www.gnucitizen.org/blog/0day-pdf-pwns-windows

I am closing the season with the following HIGH Risk vulnerability:
Adobe Acrobat/Reader PDF documents can be used to compromise your
Windows box. Completely!!! Invisibly and unwillingly!!! All it takes
is to open a PDF document or stumble across a page which embeds one.

The issue is quite critical given the fact that PDF documents are in
the core of today's modern business. This and the fact that it may
take a while for Adobe to fix their closed source product, are the
reasons why I am not going to publish any POCs. You have to take my
word for it. The POCs will be released when an update is available.

Adobe's representatives can contact me from the usual place. My advise
for you is not to open any PDF files (locally or remotely). Other PDF
viewers might be vulnerable too. The issues was verified on Windows XP
SP2 with the latest Adobe Reader 8.1, although previous versions and
other setups are also affected.

A formal summary and conclusion of the GNUCITIZEN bug hunt to be expected soon.

cheers

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Security Advisory for Bugzilla 3.0.1 and 3.1.1, mkanat
Next by Date:  [Mlabs] Scrutinising SIP Payloads : Traversing Attack Vectors in VOIP and IM, Aditya K Sood
Previous by Thread:  Security Advisory for Bugzilla 3.0.1 and 3.1.1, mkanat
Next by Thread:  Re: 0day: PDF pwns Windows, Gadi Evron
Indexes:  [Date] [Thread] [Top] [All Lists]