[Full-disclosure] 0-day PDF exploit
biz4rre at gmail.com
biz4rre at gmail.com
Tue Oct 16 13:00:14 BST 2007
Zero day PDF exploit for Adobe Acrobat
Link to exploit:
Please download and open it locally in Adobe Acrobat (not in Adobe Acrobat
ActiveX control):
http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf
Description:
0-day proof of concept (PoC) exploit for Adobe Acrobat.
Software affected:
+ Adobe Reader 8.1 (and earlier)
+ Adobe Acrobat Standard, Pro and Elements 8.1 (and earlier)
+ Adobe Acrobat 3D
System affected:
+ Windows XP with IE7
Details:
To view exploit code in Adobe Acrobat go to: Pages -> Page Properties ->
Actions
(trigger: Page Open, action: Open a web link)
This is URL handling bug in shell32!ShellExecute()
Workaround:
Currently unavailable.
Thanks to:
pdp (at) gnucitizen.org for his investigation
regards,
cyanid-E <biz4rre at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071016/c3f41d85/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.