首页 > 网络安全 > Zero day PDF exploit for Adobe Acrobat

Zero day PDF exploit for Adobe Acrobat

2007年10月17日 发表评论 阅读评论

from:neeao
Zero day PDF exploit for Adobe Acrobat

Link to exploit:

Please download and open it locally in Adobe Acrobat (not in Adobe Acrobat
ActiveX control):

http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf

Description:

0-day proof of concept (PoC) exploit for Adobe Acrobat.

Software affected:

+ Adobe Reader 8.1 (and earlier)
+ Adobe Acrobat Standard, Pro and Elements 8.1 (and earlier)
+ Adobe Acrobat 3D

System affected:

+ Windows XP with IE7

Details:

To view exploit code in Adobe Acrobat go to: Pages -> Page Properties ->
Actions
(trigger: Page Open, action: Open a web link)

This is URL handling bug in shell32!ShellExecute()

Workaround:

Currently unavailable.

Thanks to:

pdp (at) gnucitizen.org for his investigation

regards,
cyanid-E

转载请注明:woyigui's blog [http://www.woyigui.cn/]
本文标题:Zero day PDF exploit for Adobe Acrobat
本文地址:http://www.woyigui.cn/2007/10/17/zerodaypdfexploitforadobeacrobat/

分类: 网络安全 标签:
  1. 本文目前尚无任何评论.
  1. 本文目前尚无任何 trackbacks 和 pingbacks.
*