Author Topic: Adobe/Acrobat 0-day  (Read 15647 times)

0 Members and 1 Guest are viewing this topic.

February 24, 2009, 02:38:17 pm
Reply #15

WIEx

  • Jr. Member

  • Offline
  • **

  • 34
    • Security
Serg, thx, good work:)

February 24, 2009, 04:17:48 pm
Reply #16

Serg

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 132
Serg, thx, good work:)
Ur welcome)
WIEx r u from opensc.ws?  :-\ and r ur icq 274734*?

February 24, 2009, 04:56:05 pm
Reply #17

WIEx

  • Jr. Member

  • Offline
  • **

  • 34
    • Security
Quote
WIEx r u from opensc.ws?
No, Only as a spectator)

Quote
and r ur icq 274734*?
no:)

February 25, 2009, 07:04:27 am
Reply #18

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Ruining the bad guy's day

February 25, 2009, 08:03:34 am
Reply #19

Serg

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 132
tested on malware

payload doesn't start but reader crached => exp works, no js needed... shit...

February 25, 2009, 10:14:38 am
Reply #20

Serg

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 132
Adobe Reader and Acrobat Issue update
http://blogs.adobe.com/psirt/

Quote
Adobe is also planning to make updates available for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18th. :o

Quote
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the Enable Acrobat JavaScript option :o
5. Click OK

I hate adobe. 1 month without solution... >:(

February 25, 2009, 01:38:10 pm
Reply #21

WIEx

  • Jr. Member

  • Offline
  • **

  • 34
    • Security
upload this file here

February 26, 2009, 01:42:40 pm
Reply #22

dash_neghab

  • Newbie

  • Offline
  • *

  • 7
Could we have this file for analysis also? At least entire javascript code....

February 26, 2009, 02:46:46 pm
Reply #23

Serg

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 132
Could we have this file for analysis also? At least entire javascript code....
No :-*

March 04, 2009, 06:36:12 pm
Reply #24

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Didier Stevens decribes a howto get infected from this pdf vulnerability WITHOUT opening the pdf file !!!!

Quickpost: /JBIG2Decode Trigger Trio
http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/
Ruining the bad guy's day

March 09, 2009, 02:59:51 am
Reply #25

kenrry

  • Newbie

  • Offline
  • *

  • 1
Could we have this file for analysis also? At least entire javascript code....
No :-*
maybe,the javascript code its not important ,javascript only make a heap spray with a address,but  from the info on the net, cant find the exploit address,so the head of jbig2decode stream i think is very important
also ,in windows,if the mouse jump to the PDF file ,the acroRD32info.exe will open it without using reader,
add me with icq 94507815 and get more info

March 13, 2009, 07:58:36 am
Reply #26

dash_neghab

  • Newbie

  • Offline
  • *

  • 7
Thanks for PoC :-)  :-*

March 13, 2009, 03:25:52 pm
Reply #27

DiFor

  • Jr. Member

  • Offline
  • **

  • 19
tell me plz, how can I insert it in a way exploit JS source, or Shellcode (execute for example)?

March 14, 2009, 07:01:38 am
Reply #28

dash_neghab

  • Newbie

  • Offline
  • *

  • 7
Ask Serg about it

March 14, 2009, 02:47:24 pm
Reply #29

sowhat-x

  • Guest
He-he,I really hate "replying in place" of others,but well...I think Serg already gave his answer regarding this issue...  ::)