PDF exploits shown in this comparison as exceeding Flash based
FromTheRafters wrote:
I don't really consider DoS's to be a significant or credible
threat to anonymous end-users (what's the point?).
Well then, a DoS exploit is not an exploit to you?
To exploit something generally means to make some use of it.
When a computer is exploited, it means (in this context) that a third
party is or has gained some use or operational control over it.
DoS events and exploits are not (to my knowledge) used against the
average web-surfer, e-mail reader, home or soho user - but instead are
used against specific machines, servers, etc.
There are some exploits that have no function other than to cause
instability or crash a target system (ie- DoS). The use of such
"exploit" code in that situation will achieve some goal by the attacker,
but I question if it can be said that the target machine was actually
"exploited" in the process.
Until we see a functional example of an operable PDF exploit
AND payload for the Win-98/Acrobat-6 combination then we
can't be sure *if* there is a viable exploit in the first
place.
I suppose you have your own unique definition of payload then?
Where do I say that?
I'm just saying that there has not been any PDF exploit-code analysis
that I've ever seen where it was proved or shown that the exploit would
work on a win-98/acrobat-6 system. And going further, I'm not aware of
an appropriate payload / shellcode that has ever circulated in the wild
to go along with such an exploit.
|