Author Topic: Adobe/Acrobat 0-day (Read 21952 times)

WIEx · February 24, 2009, 02:38:17 pm

Serg, thx, good work:)

Serg · February 24, 2009, 04:17:48 pm

Quote from: WIEx on February 24, 2009, 02:38:17 pm

Serg, thx, good work:)

Ur welcome)
WIEx r u from opensc.ws? $:-\$ and r ur icq 274734*?

WIEx · February 24, 2009, 04:56:05 pm

Quote

WIEx r u from opensc.ws?

No, Only as a spectator)

Quote

and r ur icq 274734*?

no:)

SysAdMini · February 25, 2009, 07:04:27 am

Adobe Acrobat pdf 0-day exploit, No JavaScript needed
https://isc.sans.org/diary.html?storyid=5926

http://secunia.com/blog/44/

Serg · February 25, 2009, 08:03:34 am

tested on malware

payload doesn't start but reader crached => exp works, no js needed... shit...

Serg · February 25, 2009, 10:14:38 am

Adobe Reader and Acrobat Issue update
http://blogs.adobe.com/psirt/

Quote

Adobe is also planning to make updates available for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18th.

Quote

1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

I hate adobe. 1 month without solution...

WIEx · February 25, 2009, 01:38:10 pm

upload this file here

dash_neghab · February 26, 2009, 01:42:40 pm

Could we have this file for analysis also? At least entire javascript code....

Serg · February 26, 2009, 02:46:46 pm

Quote from: dash_neghab on February 26, 2009, 01:42:40 pm

Could we have this file for analysis also? At least entire javascript code....

No

SysAdMini · March 04, 2009, 06:36:12 pm

Didier Stevens decribes a howto get infected from this pdf vulnerability WITHOUT opening the pdf file !!!!

Quickpost: /JBIG2Decode Trigger Trio
http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/

kenrry · March 09, 2009, 02:59:51 am

Quote from: Serg on February 26, 2009, 02:46:46 pm

Quote from: dash_neghab on February 26, 2009, 01:42:40 pm
Could we have this file for analysis also? At least entire javascript code....
No

maybe,the javascript code its not important ,javascript only make a heap spray with a address,but from the info on the net, cant find the exploit address,so the head of jbig2decode stream i think is very important
also ,in windows,if the mouse jump to the PDF file ,the acroRD32info.exe will open it without using reader,
add me with icq 94507815 and get more info

dash_neghab · March 13, 2009, 07:58:36 am

Thanks for PoC :-)

DiFor · March 13, 2009, 03:25:52 pm

tell me plz, how can I insert it in a way exploit JS source, or Shellcode (execute for example)?

dash_neghab · March 14, 2009, 07:01:38 am

Ask Serg about it

sowhat-x · March 14, 2009, 02:47:24 pm

He-he,I really hate "replying in place" of others,but well...I think Serg already gave his answer regarding this issue...

Author Topic: Adobe/Acrobat 0-day (Read 21952 times)

WIEx

Re: Adobe/Acrobat 0-day

Serg

Re: Adobe/Acrobat 0-day

WIEx

Re: Adobe/Acrobat 0-day

SysAdMini

Re: Adobe/Acrobat 0-day

Serg

Re: Adobe/Acrobat 0-day

Serg

Re: Adobe/Acrobat 0-day

WIEx

Re: Adobe/Acrobat 0-day

dash_neghab

Re: Adobe/Acrobat 0-day

Serg

Re: Adobe/Acrobat 0-day

SysAdMini

Re: Adobe/Acrobat 0-day

kenrry

Re: Adobe/Acrobat 0-day

dash_neghab

Re: Adobe/Acrobat 0-day

DiFor

Re: Adobe/Acrobat 0-day

dash_neghab

Re: Adobe/Acrobat 0-day

sowhat-x

Re: Adobe/Acrobat 0-day