[Full-disclosure] odd Adobe Acrobat thing...
se_cur_ity at hotmail.com
Mon Jul 4 06:37:29 BST 2005
simply rolling over a *.pdf on your desktop launches...
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
im guessing Explorer is doing some odd things ( preloading on a rollover )
..reminds me of the jpg GDI exploit. i imagine if AcroRd32Info.exe is
exploitable you could craft a bad .pdf with data to overflow that exe. ( a
simple rollover would start the sploit )
Full-Disclosure is hosted and sponsored by Secunia.