None of them are related to this vulnerability. As far as I know, the issue is brand new. On 9/21/07, Antivirus Taneja <taneja.security@xxxxxxxxx> wrote: > Hi, > > Too interesting and dangerous....Last couple of months there were PDF > spamming (Stocks Information) all over the internet..I analyzed those PDF i > didn't find any such thing....Did you checked them? Are they related to any > vulnerability? > > Regards, > Taneja Vikas > http://annysoft.wordpress.com > > > > On 9/20/07, pdp (architect) <pdp.gnucitizen@xxxxxxxxxxxxxx> wrote: > > > My upcoming research feature everything regarding this and the issue you > > > have > > > already discussed. > > > > really :).. which one... the one from last year? > > > > On 9/20/07, Aditya K Sood <zeroknock@xxxxxxxxxxxx> wrote: > > > pdp (architect) wrote: > > > > http://www.gnucitizen.org/blog/0day-pdf-pwns-windows > > > > > > > > I am closing the season with the following HIGH Risk vulnerability: > > > > Adobe Acrobat/Reader PDF documents can be used to compromise your > > > > Windows box. Completely!!! Invisibly and unwillingly!!! All it takes > > > > is to open a PDF document or stumble across a page which embeds one. > > > > > > > > The issue is quite critical given the fact that PDF documents are in > > > > the core of today's modern business. This and the fact that it may > > > > take a while for Adobe to fix their closed source product, are the > > > > reasons why I am not going to publish any POCs. You have to take my > > > > word for it. The POCs will be released when an update is available. > > > > > > > > Adobe's representatives can contact me from the usual place. My advise > > > > for you is not to open any PDF files (locally or remotely). Other PDF > > > > viewers might be vulnerable too. The issues was verified on Windows XP > > > > SP2 with the latest Adobe Reader 8.1, although previous versions and > > > > other setups are also affected. > > > > > > > > A formal summary and conclusion of the GNUCITIZEN bug hunt to be > expected soon. > > > > > > > > cheers > > > > > > > > > > > Hi > > > > > > Your point is right. But there are a number of factors other > > > than this > > > in exploiting pdf in other sense. My latest research is working over > the > > > exploitation of PDF. > > > > > > Even if you look at the core then there are no restriction on READ in > PDF > > > in most of the versions. Only outbound data is filtered to some extent. > you > > > can even read /etc/passwd file from inside of PDF. > > > > > > Other infection vector includes infection through Local Area Networks > > > through > > > sharing and printing PDF docs and all. > > > > > > My upcoming research feature everything regarding this and the issue you > > > have > > > already discussed. > > > > > > Regards > > > Aks > > > http://ww.secniche.org > > > > > > > > > > > > > > > -- > > pdp (architect) | petko d. petkov > > http://www.gnucitizen.org > > > > -- pdp (architect) | petko d. petkov http://www.gnucitizen.org
