[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] 0-day PDF exploit

To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <jukeane@xxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] 0-day PDF exploit
From: <full-disclosure@xxxxxxxxxxxx>
Date: Wed, 17 Oct 2007 14:01:05 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

They are just covering their asses in case someone figures out a
scenario where this bug is actually useful, and tries going on a
media whoring campaign talking about how evil Adobe is for not
originally rating the vulnerability higher.

You bunch of whiny, prissy homo fucks.

On Wed, 17 Oct 2007 11:26:15 -0400 Justin Klein Keane
<jukeane@xxxxxxxxxxxxx> wrote:
>Adobe has a work around (but doesn't seem to have a fix yet) for
>this
>vulnerability (which they categorize as "critical").  They also
>state
>(and testing seems to validate) that impact is limited to Windows
>XP
>machines with IE 7.
>
>http://www.adobe.com/support/security/advisories/apsa07-04.html
>
>
>Justin C. Klein Keane
>
>Sr. Programmer Analyst and Information Security Specialist
>University of Pennsylvania
>School of Arts and Sciences Computing
>3600 Market St.
>Philadelphia, PA 19104
>
>eric@xxxxxxxxxx wrote:
>>> Why everybody said it is a zero day about PDF? it's just a
>fault in
>>> IE7, or just want to make a big media hit? real PDF zero day
>will
>>> exists in the PDF's file format, or some Adobe's expanded
>functions.
>>
>> Actually, it's about PDF *and* IE7.  Both are at fault, and if
>either
>> one of them was doing the right thing, the exploit would fail.
>>
>> The first fault is Adobe's.  Because it's their code that first
>
>> acquires the input from the attacker, it's their job IMHO to
>validate
>> it properly, but they don't.  Instead, they turn around and tell
>
>> Windows to open the bogus URI.
>>
>> The second fault is IE7's.  The protocol handler used to fail
>> gracefully by rejecting this kind of malformed URI, but now it
>> doesn't.  The new behavior is to turn around and call
>ShellExecute()
>> with data taken from the URI.
>>
>> I prefer to think of it this way: Adobe's code has been doing
>the
>> wrong thing for years, and they've gotten lucky.  But now, a new
>bug
>> in IE7 has come along which makes the old bug in Adobe's code
>> exploitable.
>>
>> - Eric
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2.5

wpwEAQECAAYFAkcWTeEACgkQqTTbVuUWvbL7LgP/b8ib2UBMcPrOyi3cVtFtveVObHlP
p1h19e9S1b4AX8POCp/C1+ZnoqIv51iAEgAQVAaRTewpk/JDuDMq2D34+qGQis5l3Tvv
Nm37F96N3WTZ8B20CFMLAnumQXwVHaXo4u3pbpgEW3C6oYApd8uYqG/PuBYn5LzTQNqt
g8VyM/g=
=oTlt
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] SQL Injection Flaw in Oracle Workspace Manager
Next by Date: Re: [Full-disclosure] Netscape Navigator 9.0 fixes several vulnerabilities
Previous by thread: Re: [Full-disclosure] 0-day PDF exploit
Next by thread: [Full-disclosure] Fwd: Experience masturbation like never before.
Index(es):
- Date
- Thread