Comments on: Quickpost: /JBIG2Decode Trigger Trio

By: PDF a rischio exploit anche senza doppio click - CaptersTux

PDF a rischio exploit anche senza doppio click - CaptersTux — Thu, 18 Feb 2010 17:19:07 +0000

[...] illustrato da Stevens all”interno del suo post, Adobe Reader si integra in Windows Explorer permettendo [...]

By: Leeroy

Leeroy — Wed, 25 Nov 2009 00:14:02 +0000

#14: Yeah you’re right look what’s in pdfshell.dll

HKCR
{
NoRemove CLSID
{
ForceRemove {F9DB5320-233E-11D1-9F84-707F02C10627} = s ‘PDF Shell Extension’
{
InprocServer32 = s ‘%MODULE%’
{
val ThreadingModel = s ‘Apartment’
}
}
}

NoRemove Folder
{
NoRemove Shellex
{
NoRemove ColumnHandlers
{
ForceRemove {F9DB5320-233E-11D1-9F84-707F02C10627} = s ‘PDF Column Info’
}
}
}

NoRemove AcroExch.Document.7
{
NoRemove Shellex
{
ForceRemove {BB2E617C-0920-11d1-9A0B-00C04FC2D6C1} = s ‘{F9DB5320-233E-11D1-9F84-707F02C10627}’

NoRemove PropertySheetHandlers
{
ForceRemove InfoPage = s ‘{F9DB5320-233E-11D1-9F84-707F02C10627}’
}
}
}
}

By: Martin Holst Swende » Blog Archive » Metadata-exploits (Windows)

Martin Holst Swende » Blog Archive » Metadata-exploits (Windows) — Sat, 21 Nov 2009 21:26:33 +0000

[...] inget om den är skadlig – den kan inte göra något. Didier Stevens har postat en video ( http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/ )på tre scenarior där malware lyckas exekvera utan att filen “öppnas” genom att [...]

By: Blog » Blog Archive » Und immer wieder PDF-Angriffe

Blog » Blog Archive » Und immer wieder PDF-Angriffe — Thu, 18 Jun 2009 06:40:27 +0000

[...] gezeigt, dass er irrt. Zu vier Angriffsvarianten die der Security-Analyst Didier Stevens vorgestellt hat berichtete ich [...]

By: ψ² = Ps(i)² » Blog Archive » Wer hat an der Uhr gedreht…

ψ² = Ps(i)² » Blog Archive » Wer hat an der Uhr gedreht… — Wed, 10 Jun 2009 09:20:35 +0000

[...] Dazu nutzt er die /JBIG2 Schwachstelle. Schon im März hatte der Security-Resercher drei Methoden vorgestellt, bei denen zwar keine Datei geöffnet werden, aber das Opfer immerhin noch passiv mitwirken musste. [...]

By: /dev/random » Blog Archive » Use Google Mail as a Sandbox

/dev/random » Blog Archive » Use Google Mail as a Sandbox — Fri, 24 Apr 2009 20:02:28 +0000

[...] a few months, PDF files have been hit by several security issues and recently, a zero-day exploit targeted Powerpoint files. Why not use GMail as a sandbox? [If you [...]

By: OIT Software Support Blog · PDF Threat!

OIT Software Support Blog · PDF Threat! — Thu, 12 Mar 2009 16:59:50 +0000

[...] about the vulnerability and proof-of-concept videos can be found here for the inquiring minds.PDF Exploit Search this [...]

By: Adobe rilascia finalmente la patch per Adobe Reader e Acrobat 9.1 » Italia SW

Wed, 11 Mar 2009 13:00:15 +0000

[...] bug che “consentiva agli autori di malware di portare a termine infezioni nel nostro sistema senza “obbligarci” all’apertura di un file PDF opportunamente modificato” (leggi l’articolo Il BUG [...]

By: A New Twist to the Adobe Vulnerability - Yudhitech DotNet

A New Twist to the Adobe Vulnerability - Yudhitech DotNet — Wed, 11 Mar 2009 08:11:42 +0000

[...] releases its patch next week, think again. Didier Stevens, an IT security consultant last week demonstrated that simply viewing the folder containing compromised PDF documents within Microsoft’s [...]

By: rath's me2DAY

rath's me2DAY — Wed, 11 Mar 2009 07:00:35 +0000

rath의 생각…

Acrobat Reader도 해킹툴로 쓰일 수 있다니.. 게다가 PDF 파일을 열지 않아도 된단다. -_- 여튼 오늘 패치가 떴으니 Windows 에서 PDF 보는 사람은 꼭 설치하시길….