http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/ (blog 'DidierStevens) Sat, 11 Feb 2012 16:16:49 +0000 hourly 1 http://wordpress.com/ http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/#comment-41882 Sat, 19 Feb 2011 21:21:09 +0000 http://blog.didierstevens.com/?p=2178#comment-41882 [...] droits de l’utilisateur [5]. Cette vulnérabilité a été en partie patchée en juin 2010 [6], puis un moyen de contourner le patch a été publié en juillet [7]. Un nouveau patch a été [...]

]]> http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/#comment-39038 Sun, 04 Jul 2010 21:20:13 +0000 http://blog.didierstevens.com/?p=2178#comment-39038 [...] Stevens @ 21:20 Adobe has released a new Adobe Reader version that contains functionality to block my /Launch action PoC, but Bkis found a bypass: just put double quotes around cmd.exe, like this:  [...]

]]> http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/#comment-39022 Thu, 01 Jul 2010 06:02:27 +0000 http://blog.didierstevens.com/?p=2178#comment-39022 [...] has taken Adobe three months to release the patch. On the blog entry, Didier confirms that Adobe has completely fixed the flaw. However the patch turns out to be [...]

]]> http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/#comment-39020 Thu, 01 Jul 2010 04:45:12 +0000 http://blog.didierstevens.com/?p=2178#comment-39020 Didier, Please escape form PDF
http://blog.bkis.com/en/adobe-fix-still-allows-escape-from-pdf/

]]> http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/#comment-39019 Thu, 01 Jul 2010 01:01:22 +0000 http://blog.didierstevens.com/?p=2178#comment-39019 Did you see this reference to an easy bypass of the ‘fix’? It appears in comments to ISC’s story on the patch.
http://blog.bkis.com/en/adobe-fix-still-allows-escape-from-pdf/

]]> http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/#comment-39017 Wed, 30 Jun 2010 21:17:16 +0000 http://blog.didierstevens.com/?p=2178#comment-39017 I know this is a lazy comment but can you confirm that either the /Launch command can not be enabled or that if it can be (through registry setting?), the message box is still mandatory and can not be modified ?

]]> http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/#comment-39013 Wed, 30 Jun 2010 16:52:45 +0000 http://blog.didierstevens.com/?p=2178#comment-39013 @Nobody Will disclose this at Brucon.org

]]> http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/#comment-39010 Wed, 30 Jun 2010 14:07:32 +0000 http://blog.didierstevens.com/?p=2178#comment-39010 time to come up with some other attacks

]]> http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/#comment-39009 Wed, 30 Jun 2010 12:58:12 +0000 http://blog.didierstevens.com/?p=2178#comment-39009 [...] applications" feature will be disabled by default. Alert dialogues will also no longer display the parameters submitted by the attacker, which could confuse users, instead only displaying the [...]

]]> http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/#comment-39005 Tue, 29 Jun 2010 22:04:38 +0000 http://blog.didierstevens.com/?p=2178#comment-39005 Time to disclosure details about change pop-up message?

]]>