Comments on: Quickpost: /JBIG2Decode Trigger Trio http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/ (blog 'DidierStevens) Sat, 11 Feb 2012 16:16:49 +0000 hourly 1 http://wordpress.com/ By: Quick post | Wishka http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/#comment-43201 Sun, 29 May 2011 04:16:19 +0000 http://blog.didierstevens.com/?p=1275#comment-43201 [...] Quickpost: /JBIG2Decode Trigger Trio « Didier StevensDS, Quick question, how many AVs on virus total detected these 3 pdfs properly … [...] Slashdot, I just ran across Didier Stevens post on how to automate the JBIG2decode vulnerability in PDF documents.  There is a video on the site where he runs through three [...] [...]

]]> By: Quickpost: "It Does No Harm…" or Does It? « Didier Stevens http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/#comment-41483 Mon, 17 Jan 2011 00:00:59 +0000 http://blog.didierstevens.com/?p=1275#comment-41483 [...] to name here because of SEO reasons), installs a Windows explorer shell extension (we’ve discussed the risks of these shells before). The problem with this tool’s shell extension (a DLL), is that it is compiled without the [...]

]]> By: PDF a rischio exploit anche senza doppio click - CaptersTux http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/#comment-37716 Thu, 18 Feb 2010 17:19:07 +0000 http://blog.didierstevens.com/?p=1275#comment-37716 [...] illustrato da Stevens all”interno del suo post, Adobe Reader si integra in Windows Explorer permettendo [...]

]]> By: Leeroy http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/#comment-36552 Wed, 25 Nov 2009 00:14:02 +0000 http://blog.didierstevens.com/?p=1275#comment-36552 #14: Yeah you’re right look what’s in pdfshell.dll

HKCR
{
NoRemove CLSID
{
ForceRemove {F9DB5320-233E-11D1-9F84-707F02C10627} = s ‘PDF Shell Extension’
{
InprocServer32 = s ‘%MODULE%’
{
val ThreadingModel = s ‘Apartment’
}
}
}

NoRemove Folder
{
NoRemove Shellex
{
NoRemove ColumnHandlers
{
ForceRemove {F9DB5320-233E-11D1-9F84-707F02C10627} = s ‘PDF Column Info’
}
}
}

NoRemove AcroExch.Document.7
{
NoRemove Shellex
{
ForceRemove {BB2E617C-0920-11d1-9A0B-00C04FC2D6C1} = s ‘{F9DB5320-233E-11D1-9F84-707F02C10627}’

NoRemove PropertySheetHandlers
{
ForceRemove InfoPage = s ‘{F9DB5320-233E-11D1-9F84-707F02C10627}’
}
}
}
}

]]> By: Martin Holst Swende » Blog Archive » Metadata-exploits (Windows) http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/#comment-36470 Sat, 21 Nov 2009 21:26:33 +0000 http://blog.didierstevens.com/?p=1275#comment-36470 [...] inget om den är skadlig – den kan inte göra något. Didier Stevens har postat en video ( http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/ )på tre scenarior där malware lyckas exekvera utan att filen “öppnas” genom att [...]

]]> By: Blog » Blog Archive » Und immer wieder PDF-Angriffe http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/#comment-35181 Thu, 18 Jun 2009 06:40:27 +0000 http://blog.didierstevens.com/?p=1275#comment-35181 [...] gezeigt, dass er irrt. Zu vier Angriffsvarianten die der Security-Analyst Didier Stevens vorgestellt hat berichtete ich [...]

]]> By: ψ² = Ps(i)² » Blog Archive » Wer hat an der Uhr gedreht… http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/#comment-35109 Wed, 10 Jun 2009 09:20:35 +0000 http://blog.didierstevens.com/?p=1275#comment-35109 [...] Dazu nutzt er die /JBIG2 Schwachstelle. Schon im März hatte der Security-Resercher drei Methoden vorgestellt, bei denen zwar keine Datei geöffnet werden, aber das Opfer immerhin noch passiv mitwirken musste. [...]

]]> By: /dev/random » Blog Archive » Use Google Mail as a Sandbox http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/#comment-34694 Fri, 24 Apr 2009 20:02:28 +0000 http://blog.didierstevens.com/?p=1275#comment-34694 [...] a few months, PDF files have been hit by several security issues and recently, a zero-day exploit targeted Powerpoint files. Why not use GMail as a sandbox? [If you [...]

]]> By: OIT Software Support Blog · PDF Threat! http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/#comment-34351 Thu, 12 Mar 2009 16:59:50 +0000 http://blog.didierstevens.com/?p=1275#comment-34351 [...] about the vulnerability and proof-of-concept videos can be found here for the inquiring minds.PDF Exploit Search this [...]

]]> By: Adobe rilascia finalmente la patch per Adobe Reader e Acrobat 9.1 » Italia SW http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/#comment-34341 Wed, 11 Mar 2009 13:00:15 +0000 http://blog.didierstevens.com/?p=1275#comment-34341 [...] bug che “consentiva agli autori di malware di portare a termine infezioni nel nostro sistema senza “obbligarci” all’apertura di un file PDF opportunamente modificato” (leggi l’articolo Il BUG [...]

]]>