Adobe has released a new Adobe Reader version with a fix for my /Launch action PoC PDF.
Before version 9.3.3:
Since version 9.3.3:
Not only is the dialog box fixed, but the /Launch action is also disabled by default.
Time to disclose details about change pop-up message?
Comment by Nobody — Tuesday 29 June 2010 @ 22:04
[…] applications" feature will be disabled by default. Alert dialogues will also no longer display the parameters submitted by the attacker, which could confuse users, instead only displaying the […]
Pingback by Adobe Reader and Acrobat updates close 17 critical holes — Wednesday 30 June 2010 @ 12:58
time to come up with some other attacks 🙂
Comment by zhane — Wednesday 30 June 2010 @ 14:07
@Nobody Will disclose this at Brucon.org
Comment by Didier Stevens — Wednesday 30 June 2010 @ 16:52
I know this is a lazy comment, but can you confirm that either the /Launch command cannot be enabled or that, if it can be (through a registry setting?), the message box is still mandatory and cannot be modified?
Comment by Wim — Wednesday 30 June 2010 @ 21:17
Did you see this reference to an easy bypass of the ‘fix’? It appears in comments to ISC’s story on the patch.
http://blog.bkis.com/en/adobe-fix-still-allows-escape-from-pdf/
Comment by Paul — Thursday 1 July 2010 @ 1:01
Didier, please escape from PDF
http://blog.bkis.com/en/adobe-fix-still-allows-escape-from-pdf/
Comment by Royal — Thursday 1 July 2010 @ 4:45
[…] has taken Adobe three months to release the patch. On the blog entry, Didier confirms that Adobe has completely fixed the flaw. However the patch turns out to be […]
Pingback by Adobe fix still allows “Escape from PDF” | MEDOIX — Thursday 1 July 2010 @ 6:02
[…] Stevens @ 21:20 Adobe has released a new Adobe Reader version that contains functionality to block my /Launch action PoC, but Bkis found a bypass: just put double quotes around cmd.exe, like this: […]
Pingback by Quickpost: Preventing the /Launch Action “cmd.exe” Bypass « Didier Stevens — Sunday 4 July 2010 @ 21:20
[…] rights of the user [5]. This vulnerability was partially patched in June 2010 [6], then a way to bypass the patch was published in July [7]. A new patch was […]
Pingback by escape from PDF | Linux-backtrack.com — Saturday 19 February 2011 @ 21:21