A Windows 98 & ME forum. Win98banter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » Win98banter forum » Windows 98 » General
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

WARNING - PDF exploits - Adobe and Foxit [and others] readers



 
 
Thread Tools Display Modes
  #21  
Old April 6th 10, 07:18 AM posted to microsoft.public.win98.gen_discussion,microsoft.public.security.homeusers
Dan
External Usenet User
 
Posts: 1,089
Default WARNING - PDF exploits - Adobe and Foxit [and others] readers

"MEB" wrote:

On 04/05/2010 05:53 PM, David H. Lipman wrote:
From: "MEB"

| On 04/04/2010 08:57 PM, Shenan Stanley wrote:
MEB wrote:
This particular style of exploit has been around for quite sometime
in various forms. I have previously to advise of this style of
attack.


Yet another party has posted the methodology and provided example
coding. Specially and EASILY crafted PDFs can be created to include
calls to external applications which are not blocked by JAVA or
other restrictions, yet can be run, forcing other unwanted
activities [such as opening IE or running commands] or exploiting
other vulnerabilities within other applications. This type of
exploit can be used in conjunction with other exploits, compounding
the potential malicious usage. These exploits can be modified to
work within any OS, though system restrictions and other security
may mitigate some of the potential exploits.


Adobe Reader and Foxit Reader are vulnerable to this style of
exploit, as may others. Foxit appears to be more exploitable than
Adobe to this particular issue.


Sumatra is apparently immune or doesn't support this type of
exploit, and others may be as well.


Metasploit and several other have provided other or additional
styles of this type of exploit.


REFERENCES/EXAMPLES:
http://blog.didierstevens.com/2010/0...cape-from-pdf/
take particular note of the comment section for indications of how
easy the coding and modifications are.


http://www.metasploit.com/


Dan wrote:
FoxitReader has a new update.


MEB wrote:
Does it supposedly deal with these issues?


You did not quote the issues you refer to in your response. I have put that
part back (above.)


| I didn't because they were already removed.


You can easily check for yourself, as can anyone else. Foxit Software has a
security page he
http://www.foxitsoftware.com/pdf/reader/security.htm


Now that you can see the security page for Foxit Software and what patches
they have released and for what reasons those patches were released and the
referenced 'these issues' - do the updates deal with what you reported on
April 1, 2010?



| Since you have returned the links to the materials, would you say or
| advise that the issues have been fixed pursuant the original linked
| materials and your link?

| Apr. 2, 2010
| "Authorization Bypass When Executing An Embedded Executable.
| SUMMARY

| Fixed a security issue that Foxit Reader runs an executable embedded
| program inside a PDF automatically without asking for user�s permission.
| AFFECTED SOFTWARE VERSION

| Foxit Reader 3.2.0.0303."

| Have you personally tested for these vulnerabilities [see for example,
| the metasploit link] with/after the supposed fix/update?

| I would opine that they may deal with SOME of those reported issues, I
| would not go so far as to claim they were completely fixed when taken in
| conjunction with other exploits/vulnerabilities or per indications of
| other versions affected; or per other exploits using similar methods
| [since there appeared to be several methods to achieve the results],
| would you?

http://www.us-cert.gov/current/index...t_reader_3_2_1

"US-CERT encourages users and administrators to review the Foxit notice
regarding the release and upgrade to Foxit Reader 3.2.1.0401 to help
mitigate the risks."

I think the key word above is "help", perhaps I'm wrong.

Last weeks summary of vulnerabilities, in particular relating
Oracle/Sun JAVA and IE, seems to be a part of the total picture, add in
the OSs themselves and their vulnerabilities and we have a slightly
different total picture involved.

http://www.us-cert.gov/cas/bulletins/SB10-095.html

Oracle released an update:
http://www.oracle.com/technology/dep...pumar2010.html
"Due to the threat posed by a successful attack, Oracle strongly
recommends that customers apply CPU fixes as soon as possible. This
Critical Patch Update contains 27 new security fixes across all products."

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
.


Meb, I have been researching this vulnerability and apparently the new
update to FoxitReader software allows their to be a warning box that will pop
up before this vulnerability is launched.

http://www.pcworld.com/businesscente...ab ility.html

"I've reported it to Foxit Software, and they told me they will issue a fix
this week. I don't know what the fix will be, but I assume it will be a
warning message, to be in line with the other PDF readers," Stevens said via
e-mail. (from the article)

http://forums.foxitsoftware.com/showthread.php?t=18044

http://www.kb.cert.org/vuls/id/570177

"This issue is addressed in Foxit Reader 3.2.1.0401. This update will cause
Foxit Reader to prompt the user before using a Launch Action." (From US-Cert)

It appears that the makers of Foxit Reader are much more concerned about the
user's safety and security than the makers of Adobe Reader.
  #22  
Old April 6th 10, 05:17 PM posted to microsoft.public.win98.gen_discussion,microsoft.public.security.homeusers
MEB[_17_]
External Usenet User
 
Posts: 1,830
Default WARNING - PDF exploits - Adobe and Foxit [and others] readers

On 04/06/2010 02:18 AM, Dan wrote:
"MEB" wrote:

On 04/05/2010 05:53 PM, David H. Lipman wrote:
From: "MEB"

| On 04/04/2010 08:57 PM, Shenan Stanley wrote:
MEB wrote:
This particular style of exploit has been around for quite sometime
in various forms. I have previously to advise of this style of
attack.

Yet another party has posted the methodology and provided example
coding. Specially and EASILY crafted PDFs can be created to include
calls to external applications which are not blocked by JAVA or
other restrictions, yet can be run, forcing other unwanted
activities [such as opening IE or running commands] or exploiting
other vulnerabilities within other applications. This type of
exploit can be used in conjunction with other exploits, compounding
the potential malicious usage. These exploits can be modified to
work within any OS, though system restrictions and other security
may mitigate some of the potential exploits.

Adobe Reader and Foxit Reader are vulnerable to this style of
exploit, as may others. Foxit appears to be more exploitable than
Adobe to this particular issue.

Sumatra is apparently immune or doesn't support this type of
exploit, and others may be as well.

Metasploit and several other have provided other or additional
styles of this type of exploit.

REFERENCES/EXAMPLES:
http://blog.didierstevens.com/2010/0...cape-from-pdf/
take particular note of the comment section for indications of how
easy the coding and modifications are.

http://www.metasploit.com/

Dan wrote:
FoxitReader has a new update.

MEB wrote:
Does it supposedly deal with these issues?

You did not quote the issues you refer to in your response. I have put that
part back (above.)

| I didn't because they were already removed.


You can easily check for yourself, as can anyone else. Foxit Software has a
security page he
http://www.foxitsoftware.com/pdf/reader/security.htm

Now that you can see the security page for Foxit Software and what patches
they have released and for what reasons those patches were released and the
referenced 'these issues' - do the updates deal with what you reported on
April 1, 2010?


| Since you have returned the links to the materials, would you say or
| advise that the issues have been fixed pursuant the original linked
| materials and your link?

| Apr. 2, 2010
| "Authorization Bypass When Executing An Embedded Executable.
| SUMMARY

| Fixed a security issue that Foxit Reader runs an executable embedded
| program inside a PDF automatically without asking for user�s permission.
| AFFECTED SOFTWARE VERSION

| Foxit Reader 3.2.0.0303."

| Have you personally tested for these vulnerabilities [see for example,
| the metasploit link] with/after the supposed fix/update?

| I would opine that they may deal with SOME of those reported issues, I
| would not go so far as to claim they were completely fixed when taken in
| conjunction with other exploits/vulnerabilities or per indications of
| other versions affected; or per other exploits using similar methods
| [since there appeared to be several methods to achieve the results],
| would you?

http://www.us-cert.gov/current/index...t_reader_3_2_1

"US-CERT encourages users and administrators to review the Foxit notice
regarding the release and upgrade to Foxit Reader 3.2.1.0401 to help
mitigate the risks."

I think the key word above is "help", perhaps I'm wrong.

Last weeks summary of vulnerabilities, in particular relating
Oracle/Sun JAVA and IE, seems to be a part of the total picture, add in
the OSs themselves and their vulnerabilities and we have a slightly
different total picture involved.

http://www.us-cert.gov/cas/bulletins/SB10-095.html

Oracle released an update:
http://www.oracle.com/technology/dep...pumar2010.html
"Due to the threat posed by a successful attack, Oracle strongly
recommends that customers apply CPU fixes as soon as possible. This
Critical Patch Update contains 27 new security fixes across all products."

--
MEB


Meb, I have been researching this vulnerability and apparently the new
update to FoxitReader software allows their to be a warning box that will pop
up before this vulnerability is launched.

http://www.pcworld.com/businesscente...ab ility.html

"I've reported it to Foxit Software, and they told me they will issue a fix
this week. I don't know what the fix will be, but I assume it will be a
warning message, to be in line with the other PDF readers," Stevens said via
e-mail. (from the article)

http://forums.foxitsoftware.com/showthread.php?t=18044

http://www.kb.cert.org/vuls/id/570177

"This issue is addressed in Foxit Reader 3.2.1.0401. This update will cause
Foxit Reader to prompt the user before using a Launch Action." (From US-Cert)

It appears that the makers of Foxit Reader are much more concerned about the
user's safety and security than the makers of Adobe Reader.


Again, though I applaud the efforts [call me overly cautious], I still
wouldn't go so far as to say the issues have been absolutely fixed when
one of the abilities/malicious activities is to "suppress" the pop-up
box, hence the warning never appears or is not seen, we have also seen
methods elsewhere for "auto" click/authorizations involved; so I'll
continue to reserve "its fixed" until real world proven.

As for Adobe, since that is basically its own "operating environment",
these issues will apparently be more difficult to address as they are
supposedly a "feature".

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
  #23  
Old April 6th 10, 05:17 PM posted to microsoft.public.win98.gen_discussion,microsoft.public.security.homeusers
MEB[_17_]
External Usenet User
 
Posts: 1,830
Default WARNING - PDF exploits - Adobe and Foxit [and others] readers

On 04/06/2010 02:18 AM, Dan wrote:
"MEB" wrote:

On 04/05/2010 05:53 PM, David H. Lipman wrote:
From: "MEB"

| On 04/04/2010 08:57 PM, Shenan Stanley wrote:
MEB wrote:
This particular style of exploit has been around for quite sometime
in various forms. I have previously to advise of this style of
attack.

Yet another party has posted the methodology and provided example
coding. Specially and EASILY crafted PDFs can be created to include
calls to external applications which are not blocked by JAVA or
other restrictions, yet can be run, forcing other unwanted
activities [such as opening IE or running commands] or exploiting
other vulnerabilities within other applications. This type of
exploit can be used in conjunction with other exploits, compounding
the potential malicious usage. These exploits can be modified to
work within any OS, though system restrictions and other security
may mitigate some of the potential exploits.

Adobe Reader and Foxit Reader are vulnerable to this style of
exploit, as may others. Foxit appears to be more exploitable than
Adobe to this particular issue.

Sumatra is apparently immune or doesn't support this type of
exploit, and others may be as well.

Metasploit and several other have provided other or additional
styles of this type of exploit.

REFERENCES/EXAMPLES:
http://blog.didierstevens.com/2010/0...cape-from-pdf/
take particular note of the comment section for indications of how
easy the coding and modifications are.

http://www.metasploit.com/

Dan wrote:
FoxitReader has a new update.

MEB wrote:
Does it supposedly deal with these issues?

You did not quote the issues you refer to in your response. I have put that
part back (above.)

| I didn't because they were already removed.


You can easily check for yourself, as can anyone else. Foxit Software has a
security page he
http://www.foxitsoftware.com/pdf/reader/security.htm

Now that you can see the security page for Foxit Software and what patches
they have released and for what reasons those patches were released and the
referenced 'these issues' - do the updates deal with what you reported on
April 1, 2010?


| Since you have returned the links to the materials, would you say or
| advise that the issues have been fixed pursuant the original linked
| materials and your link?

| Apr. 2, 2010
| "Authorization Bypass When Executing An Embedded Executable.
| SUMMARY

| Fixed a security issue that Foxit Reader runs an executable embedded
| program inside a PDF automatically without asking for user�s permission.
| AFFECTED SOFTWARE VERSION

| Foxit Reader 3.2.0.0303."

| Have you personally tested for these vulnerabilities [see for example,
| the metasploit link] with/after the supposed fix/update?

| I would opine that they may deal with SOME of those reported issues, I
| would not go so far as to claim they were completely fixed when taken in
| conjunction with other exploits/vulnerabilities or per indications of
| other versions affected; or per other exploits using similar methods
| [since there appeared to be several methods to achieve the results],
| would you?

http://www.us-cert.gov/current/index...t_reader_3_2_1

"US-CERT encourages users and administrators to review the Foxit notice
regarding the release and upgrade to Foxit Reader 3.2.1.0401 to help
mitigate the risks."

I think the key word above is "help", perhaps I'm wrong.

Last weeks summary of vulnerabilities, in particular relating
Oracle/Sun JAVA and IE, seems to be a part of the total picture, add in
the OSs themselves and their vulnerabilities and we have a slightly
different total picture involved.

http://www.us-cert.gov/cas/bulletins/SB10-095.html

Oracle released an update:
http://www.oracle.com/technology/dep...pumar2010.html
"Due to the threat posed by a successful attack, Oracle strongly
recommends that customers apply CPU fixes as soon as possible. This
Critical Patch Update contains 27 new security fixes across all products."

--
MEB


Meb, I have been researching this vulnerability and apparently the new
update to FoxitReader software allows their to be a warning box that will pop
up before this vulnerability is launched.

http://www.pcworld.com/businesscente...ab ility.html

"I've reported it to Foxit Software, and they told me they will issue a fix
this week. I don't know what the fix will be, but I assume it will be a
warning message, to be in line with the other PDF readers," Stevens said via
e-mail. (from the article)

http://forums.foxitsoftware.com/showthread.php?t=18044

http://www.kb.cert.org/vuls/id/570177

"This issue is addressed in Foxit Reader 3.2.1.0401. This update will cause
Foxit Reader to prompt the user before using a Launch Action." (From US-Cert)

It appears that the makers of Foxit Reader are much more concerned about the
user's safety and security than the makers of Adobe Reader.


Again, though I applaud the efforts [call me overly cautious], I still
wouldn't go so far as to say the issues have been absolutely fixed when
one of the abilities/malicious activities is to "suppress" the pop-up
box, hence the warning never appears or is not seen, we have also seen
methods elsewhere for "auto" click/authorizations involved; so I'll
continue to reserve "its fixed" until real world proven.

As for Adobe, since that is basically its own "operating environment",
these issues will apparently be more difficult to address as they are
supposedly a "feature".

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
  #24  
Old April 14th 10, 08:30 AM posted to microsoft.public.win98.gen_discussion,microsoft.public.security.homeusers
MEB[_17_]
External Usenet User
 
Posts: 1,830
Default UPDATE Adobe - WARNING - PDF exploits - Adobe and Foxit [andothers] readers

On 04/01/2010 12:26 PM, MEB wrote:

This particular style of exploit has been around for quite sometime in
various forms. I have previously to advise of this style of attack.
Yet another party has posted the methodology and provided example coding.
Specially and EASILY crafted PDFs can be created to include calls to
external applications which are not blocked by JAVA or other
restrictions, yet can be run, forcing other unwanted activities [such as
opening IE or running commands] or exploiting other vulnerabilities
within other applications. This type of exploit can be used in
conjunction with other exploits, compounding the potential malicious
usage. These exploits can be modified to work within any OS, though
system restrictions and other security may mitigate some of the
potential exploits.

Adobe Reader and Foxit Reader are vulnerable to this style of exploit,
as may others. Foxit appears to be more exploitable than Adobe to this
particular issue.

Sumatra is apparently immune or doesn't support this type of exploit,
and others may be as well.

Metasploit and several other have provided other or additional styles
of this type of exploit.

REFERENCES/EXAMPLES:

http://blog.didierstevens.com/2010/0...cape-from-pdf/
take particular note of the comment section for indications of how easy
the coding and modifications are.

http://www.metasploit.com/


See other parts of this thread for information on FoxIt Reader updates.


US-CERT Technical Cyber Security Alert TA10-103C -- Adobe Reader and
Acrobat Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA10-103C


Adobe Reader and Acrobat Vulnerabilities

Original release date: April 13, 2010
Last revised: --
Source: US-CERT


Systems Affected

* Adobe Reader 9.3.1 and earlier 9.x versions
* Adobe Reader 8.2.1 and earlier versions
* Adobe Acrobat 9.3.1 and earlier 9.x versions
* Adobe Acrobat 8.2.1 and earlier versions


Overview

Adobe has released Security Bulletin APSB10-09, which describes
multiple vulnerabilities affecting Adobe Reader and Acrobat.


I. Description

Adobe Security Bulletin APSB10-09 describes a number of
vulnerabilities affecting Adobe Reader and Acrobat. These
vulnerabilities affect Reader and Acrobat 9.3.1 and earlier 9.x
versions, and 8.2.1 and earlier versions.

An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in is available for multiple web browsers and operating
systems, which can automatically open PDF documents hosted on a
website.


II. Impact

These vulnerabilities could allow a remote attacker to execute
arbitrary code, write arbitrary files or folders to the file
system, escalate local privileges, or cause a denial of service on
an affected system as the result of a user opening a malicious PDF
document.


III. Solution

Update

Adobe has released updates to address this issue. Users are
encouraged to read Adobe Security Bulletin APSB10-09 and update
vulnerable versions of Adobe Reader and Acrobat.

Adobe does not offer standalone installers of Reader or Acrobat
versions 9.3.2 or 8.2.2. For a fresh installation, first install
Adobe Reader 9.3.0 or 8.2.0 and then use the automatic update
feature or install the appropriate update referenced in APSB10-09.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits from resulting in
code execution. Acrobat JavaScript can be disabled using the
Preferences menu (Edit - Preferences - JavaScript; uncheck Enable
Acrobat JavaScript).

Adobe provides a framework to blacklist specific JavaScipt APIs. If
JavaScript must be enabled, this feature may be useful when
specific APIs are known to be vulnerable or used in attacks.

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00

Disable the display of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.

To prevent PDF documents from automatically being opened in a web
browser, do the following:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the "Display PDF in browser" checkbox.

Do not access PDF documents from untrusted sources

Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on websites or delivered as email attachments. Please
see Cyber Security Tip ST04-010.


IV. References

* Security update available for Adobe Reader and Acrobat -
http://www.adobe.com/support/security/bulletins/apsb10-09.html

* Upcoming Adobe Reader and Acrobat 9.3.2 and 8.2.2 to be Delivered
by New Updater -

http://blogs.adobe.com/adobereader/2010/04/upcoming_adobe_reader_and_acro.html

* Adobe Reader and Acrobat JavaScript Blacklist Framework -
http://kb2.adobe.com/cps/504/cpsid_50431.html

__________________________________________________ __________________

The most recent version of this document can be found at:

http://www.us-cert.gov/cas/techalerts/TA10-103C.html
__________________________________________________ __________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with "TA10-103C Feedback VU#352598" in
the subject.
__________________________________________________ __________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html.
__________________________________________________ __________________

Produced 2010 by US-CERT, a government organization.

Terms of use:

http://www.us-cert.gov/legal.html
__________________________________________________ __________________

Revision History

April 13, 2010: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBS8TuRj6pPKYJORa3AQJfzggAj8p3s/TrJT16ceFtRzLR31QBgRq6GxYr
h8WnsGlj2WR71XjH219XaWx9Mj3KBWVxbAsNPmK0tEir7KA+n4 DwZCewTDYRqfYs
8N7G9MOI68Z87+7zBiZAo0j5/lQuxLWyTF9PqWbX8gCWLqJWW46cEZCqg7OGRbYt
w8coxdMXU6tM3WGoWAIKwLRtpQUdubcITPTrE7RATyLJ1422B9 dkTSeSCuHHZs5d
eXSPYzTQ1EOwHpuA5/a/or2SjeRPLQcpxb/8WKelSqwW3hpK4zviEnPt4cYyeNqW
BQY06OQMTKch/nmniuEDuiwe69m0gTw7Tw2Dm6xrg6BLBy3A6GAwkQ==
=CQ6i
-----END PGP SIGNATURE-----


--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
  #25  
Old April 14th 10, 10:34 PM posted to microsoft.public.win98.gen_discussion,microsoft.public.security.homeusers
David H. Lipman
External Usenet User
 
Posts: 365
Default WARNING - PDF exploits - Adobe and Foxit [and others] readers

From: "MEB"


| This particular style of exploit has been around for quite sometime in
| various forms. I have previously to advise of this style of attack.
| Yet another party has posted the methodology and provided example coding.
| Specially and EASILY crafted PDFs can be created to include calls to
| external applications which are not blocked by JAVA or other
| restrictions, yet can be run, forcing other unwanted activities [such as
| opening IE or running commands] or exploiting other vulnerabilities
| within other applications. This type of exploit can be used in
| conjunction with other exploits, compounding the potential malicious
| usage. These exploits can be modified to work within any OS, though
| system restrictions and other security may mitigate some of the
| potential exploits.

| Adobe Reader and Foxit Reader are vulnerable to this style of exploit,
| as may others. Foxit appears to be more exploitable than Adobe to this
| particular issue.

| Sumatra is apparently immune or doesn't support this type of exploit,
| and others may be as well.

| Metasploit and several other have provided other or additional styles
| of this type of exploit.

| REFERENCES/EXAMPLES:

| http://blog.didierstevens.com/2010/0...cape-from-pdf/
| take particular note of the comment section for indications of how easy
| the coding and modifications are.

| http://www.metasploit.com/

Adobe Acrobat and Reader updates to bring the software to v9.3.2 has been released.

ftp://ftp.adobe.com/pub

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


  #26  
Old April 14th 10, 10:34 PM posted to microsoft.public.win98.gen_discussion,microsoft.public.security.homeusers
David H. Lipman
External Usenet User
 
Posts: 365
Default WARNING - PDF exploits - Adobe and Foxit [and others] readers

From: "MEB"


| This particular style of exploit has been around for quite sometime in
| various forms. I have previously to advise of this style of attack.
| Yet another party has posted the methodology and provided example coding.
| Specially and EASILY crafted PDFs can be created to include calls to
| external applications which are not blocked by JAVA or other
| restrictions, yet can be run, forcing other unwanted activities [such as
| opening IE or running commands] or exploiting other vulnerabilities
| within other applications. This type of exploit can be used in
| conjunction with other exploits, compounding the potential malicious
| usage. These exploits can be modified to work within any OS, though
| system restrictions and other security may mitigate some of the
| potential exploits.

| Adobe Reader and Foxit Reader are vulnerable to this style of exploit,
| as may others. Foxit appears to be more exploitable than Adobe to this
| particular issue.

| Sumatra is apparently immune or doesn't support this type of exploit,
| and others may be as well.

| Metasploit and several other have provided other or additional styles
| of this type of exploit.

| REFERENCES/EXAMPLES:

| http://blog.didierstevens.com/2010/0...cape-from-pdf/
| take particular note of the comment section for indications of how easy
| the coding and modifications are.

| http://www.metasploit.com/

Adobe Acrobat and Reader updates to bring the software to v9.3.2 has been released.

ftp://ftp.adobe.com/pub

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
PDF exploits shown in this comparison as exceeding Flash based MEB[_17_] General 73 February 26th 10 04:18 AM
New Adobe Reader Zero Day Exploits - New FireFox exploits MEB[_16_] General 28 May 5th 09 12:29 AM
Foxit 2.3 PDF Reader Doesn't Work with 98 foo General 2 May 15th 08 09:23 PM
Question for Mike M, Foxit Justin Thyme General 3 January 8th 07 11:13 PM
Spybot and DSO Exploits Alias General 2 September 7th 04 04:03 PM


All times are GMT +1. The time now is 04:38 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 Win98banter.
The comments are property of their posters.