[Full-disclosure] Re: odd Adobe Acrobat thing...
davek_throwaway at hotmail.com
Mon Jul 4 14:45:30 BST 2005
>From: Morning Wood
>Message-Id: BAY10-DAV15FB4ABD3CF6D1FADB80DED9E70 at phx.gbl
> i noticed...
> simply rolling over a *.pdf on your desktop launches...
> C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
Probably only if you have that godawful webview of folders switched on and
it's trying to render a little thumbnail to put at the bottom of the html
column on the left-hand-side, no? I'm still on Acrobat 6.0 and it doesn't
do that, at least the way I have it configured. Adobe have probably
implemented whatever COM interface it is that renders a thumbnail for
explorer in their shell extension between v6 and v7.
> im guessing Explorer is doing some odd things ( preloading on a rollover )
> ..reminds me of the jpg GDI exploit. i imagine if AcroRd32Info.exe is
> exploitable you could craft a bad .pdf with data to overflow that exe. ( a
> simple rollover would start the sploit )
Yep, it's the exact same problem. 'doze is basically launching a viewer
application (ok, COM server) whenever you mouse over various types. This is
as bad an idea as the option to make-things-seem-more-like-the-web
automatically launch files when you click on them once instead of twice, or
one-touch record on tape decks, or fire alarms with the glass pre-smashed,
or any other vital fool-proof safety measure that someone removed because it
was 'inconvenient' :-(
Can't think of a witty .sigline today....
Full-Disclosure is hosted and sponsored by Secunia.