<div>Hi,</div>
<div> </div>
<div>Too interesting and dangerous....Last couple of months there were PDF spamming (Stocks Information) all over the internet..I analyzed those PDF i didn't find any such thing....Did you checked them? Are they related to any vulnerability?
</div>
<div> </div>
<div>Regards,</div>
<div>Taneja Vikas</div>
<div><a href="http://annysoft.wordpress.com">http://annysoft.wordpress.com</a></div><br><br>
<div><span class="gmail_quote">On 9/20/07, <b class="gmail_sendername">pdp (architect)</b> <<a href="mailto:pdp.gnucitizen@googlemail.com">pdp.gnucitizen@googlemail.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">> My upcoming research feature everything regarding this and the issue you<br>> have<br>> already discussed.
<br><br>really :).. which one... the one from last year?<br><br>On 9/20/07, Aditya K Sood <<a href="mailto:zeroknock@secniche.org">zeroknock@secniche.org</a>> wrote:<br>> pdp (architect) wrote:<br>> > <a href="http://www.gnucitizen.org/blog/0day-pdf-pwns-windows">
http://www.gnucitizen.org/blog/0day-pdf-pwns-windows</a><br>> ><br>> > I am closing the season with the following HIGH Risk vulnerability:<br>> > Adobe Acrobat/Reader PDF documents can be used to compromise your
<br>> > Windows box. Completely!!! Invisibly and unwillingly!!! All it takes<br>> > is to open a PDF document or stumble across a page which embeds one.<br>> ><br>> > The issue is quite critical given the fact that PDF documents are in
<br>> > the core of today's modern business. This and the fact that it may<br>> > take a while for Adobe to fix their closed source product, are the<br>> > reasons why I am not going to publish any POCs. You have to take my
<br>> > word for it. The POCs will be released when an update is available.<br>> ><br>> > Adobe's representatives can contact me from the usual place. My advise<br>> > for you is not to open any PDF files (locally or remotely). Other PDF
<br>> > viewers might be vulnerable too. The issues was verified on Windows XP<br>> > SP2 with the latest Adobe Reader 8.1, although previous versions and<br>> > other setups are also affected.<br>> >
<br>> > A formal summary and conclusion of the GNUCITIZEN bug hunt to be expected soon.<br>> ><br>> > cheers<br>> ><br>> ><br>> Hi<br>><br>> Your point is right. But there are a number of factors other
<br>> than this<br>> in exploiting pdf in other sense. My latest research is working over the<br>> exploitation of PDF.<br>><br>> Even if you look at the core then there are no restriction on READ in PDF<br>
> in most of the versions. Only outbound data is filtered to some extent. you<br>> can even read /etc/passwd file from inside of PDF.<br>><br>> Other infection vector includes infection through Local Area Networks
<br>> through<br>> sharing and printing PDF docs and all.<br>><br>> My upcoming research feature everything regarding this and the issue you<br>> have<br>> already discussed.<br>><br>> Regards<br>> Aks
<br>> <a href="http://ww.secniche.org">http://ww.secniche.org</a><br>><br>><br>><br><br><br>--<br>pdp (architect) | petko d. petkov<br><a href="http://www.gnucitizen.org">http://www.gnucitizen.org</a><br></blockquote>
</div><br>