Re: [Full-disclosure] 0day: PDF pwns Windows

看板Bugtraq作者時間18年前 (2007/09/21 23:41), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串2/14 (看更多)
And your website is down at this moment=0A=0Ahttp://www.gnucitizen.org/ 4= 03=0Ahttp://www.gnucitizen.org/blog/ 403=0Ahttp://www.gnucitizen.org/blog= /0day-pdf-pwns-windows 404=0A=0AIs it a reverse attack by someone hurt :)= =0A =0A--Through the Firewall,Out the Router,Down the T1,Across the Backbon= e,Bounced from Satellite ---- Nothing but the Internet=0A=0A----- Original = Message ----=0AFrom: pdp (architect) <pdp.gnucitizen@googlemail.com>=0ATo: = bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk=0ASent: Thursd= ay, September 20, 2007 6:51:33 PM=0ASubject: [Full-disclosure] 0day: PDF pw= ns Windows=0A=0Ahttp://www.gnucitizen.org/blog/0day-pdf-pwns-windows=0A=0AI= am closing the season with the following HIGH Risk vulnerability:=0AAdobe = Acrobat/Reader PDF documents can be used to compromise your=0AWindows box. = Completely!!! Invisibly and unwillingly!!! All it takes=0Ais to open a PDF = document or stumble across a page which embeds one.=0A=0AThe issue is quite= critical given the fact that PDF documents are in=0Athe core of today's mo= dern business. This and the fact that it may=0Atake a while for Adobe to fi= x their closed source product, are the=0Areasons why I am not going to publ= ish any POCs. You have to take my=0Aword for it. The POCs will be released = when an update is available.=0A=0AAdobe's representatives can contact me fr= om the usual place. My advise=0Afor you is not to open any PDF files (local= ly or remotely). Other PDF=0Aviewers might be vulnerable too. The issues wa= s verified on Windows XP=0ASP2 with the latest Adobe Reader 8.1, although p= revious versions and=0Aother setups are also affected.=0A=0AA formal summar= y and conclusion of the GNUCITIZEN bug hunt to be expected soon.=0A=0Acheer= s=0A=0A-- =0Apdp (architect) | petko d. petkov=0Ahttp://www.gnucitizen.org= =0A=0A_______________________________________________=0AFull-Disclosure - W= e believe in it.=0ACharter: http://lists.grok.org.uk/full-disclosure-charte= r.html=0AHosted and sponsored by Secunia - http://secunia.com/=0A=0A=0A=0A= =0A=0A =0A___________________________________________________________= _________________________=0ABuilding a website is a piece of cake. Yahoo! S= mall Business gives you all the tools to get online.=0Ahttp://smallbusiness= ..yahoo.com/webhosting
更多 rsrivastwa. 的文章
文章代碼(AID): #16y-OE00 (Bugtraq)
討論串 (同標題文章)
完整討論串 (本文為第 2 之 14 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共14篇)
更多 rsrivastwa. 的文章
文章代碼(AID): #16y-OE00 (Bugtraq)