Added: 4 years ago
From: gnucitizen
Views: 66,830

All Comments (48)

  • Can please anyone tell me where to find very specific information about that vulnerability? I'd like to study and recreate one calculator opener as my homework.

  • Hello guys, I need to convert a WMF document into PDF format. How do I do it?

  • YAY ... man i want that pdf / cpp source pleaaaaaaaase it is awesome stuff!

  • scemi

  • kick ass

  • i don't understand what just happened. maybe it was just the quality of the viewing process or that i'm just really really stupid. probably the latter.

  • An error in how Adobe Reader parses PDF files lets hackers make a PDF that can launch a command on the computer of whoever tries to open the file. In this example (poc = proof of concept) Notepad and Calculator are launched, but it might as well be commands to add users to the system, or install a backdoor, etc.

    It is quite serious.

  • The programmer in me screams "buffer overrun," the geek in me just says "OH SNAP!!!"

  • slashdot.

  • Right. Nobody. Except for the vast majority of desktop PC users.

    Anybody know if this exploit affects the Adobe Reader for Linux or Unix?

  • only affects adobe's pdf reader apparently

  • Right. But does it affect the ones for Unix and Linux?

  • I doubt many *nix users would use Adobe's PDF reader. I think it's closed-source, and probably pretty poor quality in comparison to an alternative made by a higher quality and quantity of developers.

    Let the dumb Windows users suffer in peace, until they learn what a computer is and how to use it.

  • I guess my question is what this vulnerability exploits. However unlikely, it could possibly simply be something that can be done via almost any platform.

    Also, when did this become a "One Family of OS is better than another"? That argument can be taken elsewhere. It's all about preference on the end-user's part.

  • Was just saying it's less likely to affect *nix users cos they tend to stay away from the mainstream closed-source software solutions.

    Most likely a software exploit (Adobe reader) not the PDF format itself. It'd be nice if this PoC explained a bit more.

  • hell yeah!

  • for me xpdf is superior to Adobe reader ;)

  • :D ditto.

    I think also Open Office exports PDF format, although I haven't tried that so I don't know for sure.

  • Actually last time I heard fewer computers run Windows than *nix variants (business servers/terminals). Maybe certain groups of home users like pensioners, rich people/fools who think that spending more money will get them better software, when it's the opposite.

  • Besides, use your head, and you'll know the age of physical media and costly communication is over, copyright and proprietary software have had their day. If it wasn't for them grasping onto the legal system they'd both be extinct. Microsoft are not going to cope if they don't pull out soon.

  • Dude. Please let us know what to disable to avoid this shit until they patch it!

  • Just don't open PDF files from untrusted sources!

  • ouch.

  • nothing

    Basically pdfs can launch programs..... which could install things on ur pc such as viruses etc.

  • Dang, that's kinda scary.

  • The video is practically useless to users of pdfs, but it is a perfect way for him to show us his PoCs without actually releasing them.. so Kudos to PdP

  • What did he write in the text editor?

  • @Input006: he wrote in the text editor "this is it!" (The text in the PDF files is: "The following POC can be used for experimental purposes only. GNUCITIZEN disclaims any responsibility for your own actions.")

  • Not really a fake.

    Adobe said that this vulnerability does exist.

  • Where and when did Adobe say this?

  • That's a good question; so far I've only seen Petko Petkov /claim/ that Adobe has acknowledged the vulnerability.

  • I thought so. This partial disclosure BS is useless. It serves no purpose to release something like this and the video does not prove anything.

  • Hear hear. Either full disclosure, or keep it to yourself and notify the vendor. Anything in between is just advertising to better sell the exploit (if there is one at all) to the blackhats.

  • well... he was able to open a second program by opening a pdf... you can use it to open an exe (virus)...

  • they did.

  • Ok... Where??
