Network Security: Detailed info on Re: 0day: PDF pwns Windows

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

[Top] [All Lists]

Re: 0day: PDF pwns Windows

from [Roland Kuhn] Network Security

[Permanent Link]

Subject:	Re: 0day: PDF pwns Windows
Date:	Tue, 25 Sep 2007 19:57:59 +0200

On 25 Sep 2007, at 00:57, Lamont Granquist wrote:

The exploit is not made public by its use. The exploit is not even made public by (back-channel) sharing amongst the hacker/cracker community. The exploit is only made public if detected or the vulnerability is disclosed. Until detected/disclosed the hacker/ cracker can use their 31337 0day spl01tz to break into whichever vulnerable machines they like. 0day exploits are valuable because the opposition is ignorant of them.

Posting exploits to BUGTRAQ, however, inherently makes them not 0day...

And my ignorant self thought until this thread that the "0" in the term referred to the number of days of head start granted to the vendor. Silly me. Because that would make all vulnerabilities published without prior warning to the vendor a "0day"...

Roland (who seems to remember that this was once the meaning of this term)

PGP.sig
Description: This is a digitally signed message part

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Full-disclosure] 0day: PDF pwns Windows, (continued) Re: [Full-disclosure] 0day: PDF pwns Windows, Chad Perrin Re: [Full-disclosure] 0day: PDF pwns Windows, Wayne D. Hoxsie Jr. Re: [Full-disclosure] 0day: PDF pwns Windows, bugtraq Re: [Full-disclosure] 0day: PDF pwns Windows, Casper . Dik Re: [Full-disclosure] 0day: PDF pwns Windows, J. Oquendo Re: [Full-disclosure] 0day: PDF pwns Windows, Crispin Cowan Re: 0day: PDF pwns Windows, Chad Perrin Re: 0day: PDF pwns Windows, Crispin Cowan Re: [Full-disclosure] 0day: PDF pwns Windows, J. Oquendo Re: [Full-disclosure] 0day: PDF pwns Windows, Lamont Granquist Re: 0day: PDF pwns Windows, Roland Kuhn <= RE: 0day: PDF pwns Windows, Thor (Hammer of God) defining 0day, Gadi Evron Re: defining 0day, Brian Loe Re: [Full-disclosure] defining 0day, Gadi Evron Re: defining 0day, Brian Loe Re: defining 0day, Adrian Griffis Re: defining 0day, Brian Loe Re: defining 0day, Andrew Weaver RE: defining 0day, David Gillett Re: defining 0day, Charles Miller

Previous by Date:	Possible Windows Explorer bad PNG file preview integer overflow handling, rocheml
Next by Date:	RE: 0day: PDF pwns Windows, Thor (Hammer of God)
Previous by Thread:	Re: [Full-disclosure] 0day: PDF pwns Windows, Lamont Granquist
Next by Thread:	RE: 0day: PDF pwns Windows, Thor (Hammer of God)
Indexes:	[Date] [Thread] [Top] [All Lists]