> My upcoming research features everything regarding this and the issue you
> have already discussed.

really :).. which one... the one from last year?

On 9/20/07, Aditya K Sood <zeroknock@xxxxxxxxxxxx> wrote:
> pdp (architect) wrote:
> > http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
> >
> > I am closing the season with the following HIGH Risk vulnerability:
> > Adobe Acrobat/Reader PDF documents can be used to compromise your
> > Windows box. Completely!!! Invisibly and unwillingly!!! All it takes
> > is to open a PDF document or stumble across a page which embeds one.
> >
> > The issue is quite critical given the fact that PDF documents are in
> > the core of today's modern business. This and the fact that it may
> > take a while for Adobe to fix their closed source product, are the
> > reasons why I am not going to publish any POCs. You have to take my
> > word for it. The POCs will be released when an update is available.
> >
> > Adobe's representatives can contact me from the usual place. My advice
> > for you is not to open any PDF files (locally or remotely). Other PDF
> > viewers might be vulnerable too. The issue was verified on Windows XP
> > SP2 with the latest Adobe Reader 8.1, although previous versions and
> > other setups are also affected.
> >
> > A formal summary and conclusion of the GNUCITIZEN bug hunt to be expected soon.
> >
> > cheers
> >
>
> Hi
>
> Your point is right. But there are a number of factors other than this
> in exploiting pdf in other sense. My latest research is working over the
> exploitation of PDF.
>
> Even if you look at the core then there is no restriction on READ in PDF
> in most of the versions. Only outbound data is filtered to some extent. You
> can even read /etc/passwd file from inside of PDF.
>
> Other infection vectors include infection through Local Area Networks
> through sharing and printing PDF docs and all.
>
> My upcoming research features everything regarding this and the issue you
> have already discussed.
>
> Regards
> Aks
> http://ww.secniche.org
>

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org