Re: [Full-disclosure] 0-day PDF exploit

From: "cocoruder ." <frankruder@xxxxxxxxxxx>
Date: Wed, 17 Oct 2007 01:38:40 +0000

Why everybody said it is a zero day about PDF? it's just a fault in IE7, or just want to make a big media hit? real PDF zero day will exists in the PDF's file format, or some Adobe's expanded functions.

welcome to my blog:
http://ruder.cdut.net

From: biz4rre@xxxxxxxxx
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] 0-day PDF exploit
Date: Tue, 16 Oct 2007 15:00:14 +0300

Zero day PDF exploit for Adobe Acrobat

Link to exploit:

Please download and open it locally in Adobe Acrobat (not in Adobe Acrobat
ActiveX control):

http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf

Description:

0-day proof of concept (PoC) exploit for Adobe Acrobat.

Software affected:

+ Adobe Reader 8.1 (and earlier)
+ Adobe Acrobat Standard, Pro and Elements 8.1 (and earlier)
+ Adobe Acrobat 3D

System affected:

+ Windows XP with IE7

Details:

To view exploit code in Adobe Acrobat go to: Pages -> Page Properties ->
Actions
(trigger: Page Open, action: Open a web link)

This is URL handling bug in shell32!ShellExecute()

Workaround:

Currently unavailable.

Thanks to:

pdp (at) gnucitizen.org for his investigation

regards,
cyanid-E <biz4rre@xxxxxxxxx>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_________________________________________________________________
享用世界上最大的电子邮件系统― MSN Hotmail。 http://www.hotmail.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] 0-day PDF exploit
  - From: eric

References:
- [Full-disclosure] 0-day PDF exploit
  - From: biz4rre

Prev by Date: [Full-disclosure] List Charter
Next by Date: Re: [Full-disclosure] IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX
Previous by thread: Re: [Full-disclosure] 0-day PDF exploit
Next by thread: Re: [Full-disclosure] 0-day PDF exploit
Index(es):
- Date
- Thread

Relevant Pages

Re: Print to file option in print windows
... >>Ghostscript to create PDF documents. ... > you can make them by Adobe Acrobat. ... PostScript file via return email. ...
(microsoft.public.office.misc)
Re: best low cost acrobat 5 replacement?
... mandatory requirements and may some extra convenient features ... Ability to create pdf using Windows Print Y ... Created pdf file size (as compared to Adobe Acrobat) ...
(microsoft.public.windowsxp.help_and_support)
Re: Posting 3D cad files to a web site.... question
... If You're about to post a 3D model as pdf You will need Adobe Acrobat ... or else You're just posting a picture from Your 3D model. ... Acrobat Pro, no matter if it's 8 or 9. ...
(comp.cad.solidworks)
Re: Access 2003, Question concerning Adobe Acrobat
... We output reports from Access to one of our ... > What you could do is install a PDF writer program. ... >> concerning Adobe Acrobat. ...
(comp.databases.ms-access)
Re: Posting 3D cad files to a web site.... question
... If You're about to post a 3D model as pdf You will need Adobe Acrobat ... or else You're just posting a picture from Your 3D model. ... If You wanna produce 3D pdf files from Solid Edge ...
(comp.cad.solidworks)