|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
biz4rre
gmail.com
Date: Tue Oct 16 2007 - 07:00:14 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Zero day PDF exploit for Adobe Acrobat
Link to exploit:
Please download and open it locally in Adobe Acrobat (not in Adobe Acrobat
ActiveX control):
http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf
Description:
0-day proof of concept (PoC) exploit for Adobe Acrobat.
Software affected:
+ Adobe Reader 8.1 (and earlier)
+ Adobe Acrobat Standard, Pro and Elements 8.1 (and earlier)
+ Adobe Acrobat 3D
System affected:
+ Windows XP with IE7
Details:
To view exploit code in Adobe Acrobat go to: Pages -> Page Properties ->
Actions
(trigger: Page Open, action: Open a web link)
This is URL handling bug in shell32!ShellExecute()
Workaround:
Currently unavailable.
Thanks to:
pdp (at) gnucitizen.org for his investigation
regards,
cyanid-E <biz4rregmail.com>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]