RE: [Full-disclosure] 0day: PDF pwns Windows
- From: "Jeff Wells (jmwells)" <jmwells@xxxxxxxxx>
- Date: Fri, 21 Sep 2007 09:46:38 -0700
"Fatboy?"
J.
-----Original Message-----
From: Joey Mengele [mailto:joey.mengele@xxxxxxxxxxxx]
Sent: Thursday, September 20, 2007 3:34 PM
To: pdp.gnucitizen@xxxxxxxxxxxxxx; ge@xxxxxxxxxxxx
Cc: full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] 0day: PDF pwns Windows
Dear Fatboy,
Let's put aside for a minute the fact that you have no idea what
you are talking about and let's also, for the benefit of this very
valuable debate, assume your definition is correct. First, please
prove this bug was never used in the wild. After that, please prove
your credibility in the realm of defining words related to illegal
computer hacking. Thanks.
J
P.S. Talking about botnets doesn't count to satisfy part 1 OR part 2
___
"If today I stand here as a revolutionary, it is as a revolutionary
against the Revolution."
On Thu, 20 Sep 2007 11:29:22 -0400 Gadi Evron <ge@xxxxxxxxxxxx>
wrote:
Impressive vulnerability, new. Not a 0day.
Not to start an argument again, but fact is, people stop calling
everything a 0day unless it is, say WMF, ANI, etc. exploited in
the wild
without being known.
I don't like the mis-use of this buzzword.
Gadi.
On Thu, 20 Sep 2007, pdp (architect) wrote:
http://www.gnucitizen.org/blog/0day-pdf-pwns-windowsvulnerability:
I am closing the season with the following HIGH Risk
Adobe Acrobat/Reader PDF documents can be used to compromiseyour
Windows box. Completely!!! Invisibly and unwillingly!!! All ittakes
is to open a PDF document or stumble across a page which embedsone.
are in
The issue is quite critical given the fact that PDF documents
the core of today's modern business. This and the fact that itmay
take a while for Adobe to fix their closed source product, arethe
reasons why I am not going to publish any POCs. You have to takemy
word for it. The POCs will be released when an update isavailable.
advise
Adobe's representatives can contact me from the usual place. My
for you is not to open any PDF files (locally or remotely).Other PDF
viewers might be vulnerable too. The issues was verified onWindows XP
SP2 with the latest Adobe Reader 8.1, although previous versionsand
other setups are also affected.expected soon.
A formal summary and conclusion of the GNUCITIZEN bug hunt to be
cheers
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
Click for free info on earning your associates degrees.
http://tagline.hushmail.com/fc/Ioyw6h4dDtGMI3TNpcvpjdNAOmIKYwGE2mXyuQX1w
CzAkHpnY9xTtK/
- References:
- Re: [Full-disclosure] 0day: PDF pwns Windows
- From: Joey Mengele
- Re: [Full-disclosure] 0day: PDF pwns Windows
- Prev by Date: Re: 0day: PDF pwns Windows
- Next by Date: [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities
- Previous by thread: RE: [Full-disclosure] 0day: PDF pwns Windows
- Next by thread: Re: [Full-disclosure] 0day: PDF pwns Windows
- Index(es):
Relevant Pages
|
