Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] 0day: PDF pwns Windows

from [Gadi Evron] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] 0day: PDF pwns Windows
Date: Thu, 20 Sep 2007 18:09:00 -0500 (CDT) 
On Thu, 20 Sep 2007, Joey Mengele wrote:

Dear Fatboy,

Let's put aside for a minute the fact that you have no idea what


You like people on the heavy side? Psst... call me.



you are talking about and let's also, for the benefit of this very
valuable debate, assume your definition is correct. First, please
prove this bug was never used in the wild. After that, please prove
your credibility in the realm of defining words related to illegal
computer hacking. Thanks.

J

P.S. Talking about botnets doesn't count to satisfy part 1 OR part 2

___
"If today I stand here as a revolutionary, it is as a revolutionary
against the Revolution."


On Thu, 20 Sep 2007 11:29:22 -0400 Gadi Evron <ge@linuxbox.org>
wrote:

Impressive vulnerability, new. Not a 0day.

Not to start an argument again, but fact is, people stop calling
everything a 0day unless it is, say WMF, ANI, etc. exploited in
the wild
without being known.

I don't like the mis-use of this buzzword.

     Gadi.


On Thu, 20 Sep 2007, pdp (architect) wrote:


http://www.gnucitizen.org/blog/0day-pdf-pwns-windows

I am closing the season with the following HIGH Risk

vulnerability:

Adobe Acrobat/Reader PDF documents can be used to compromise

your

Windows box. Completely!!! Invisibly and unwillingly!!! All it

takes

is to open a PDF document or stumble across a page which embeds

one.


The issue is quite critical given the fact that PDF documents

are in

the core of today's modern business. This and the fact that it

may

take a while for Adobe to fix their closed source product, are

the

reasons why I am not going to publish any POCs. You have to take

my

word for it. The POCs will be released when an update is

available.


Adobe's representatives can contact me from the usual place. My

advise

for you is not to open any PDF files (locally or remotely).

Other PDF

viewers might be vulnerable too. The issues was verified on

Windows XP

SP2 with the latest Adobe Reader 8.1, although previous versions

and

other setups are also affected.

A formal summary and conclusion of the GNUCITIZEN bug hunt to be

expected soon.


cheers

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


--
Click now for accounting software that's a huge plus!
http://tagline.hushmail.com/fc/Ioyw6h4eooFnoPRHh77yKi8qPMTyf03wCE9icEun2cA0zQJXBBid3w/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] 0day: PDF pwns Windows, Joey Mengele
Next by Date:  Re: [Full-disclosure] 0day: PDF pwns Windows, Crispin Cowan
Previous by Thread:  Re: [Full-disclosure] 0day: PDF pwns Windows, Joey Mengele
Next by Thread:  Re: [Full-disclosure] 0day: PDF pwns Windows, Chad Perrin
Indexes:  [Date] [Thread] [Top] [All Lists]