Hi,
When I was reading the report about Charlie Miller's fuzzing
experiment in PDF[1], I am quite eager to see all his crashes[2], to
confirm whether they are covered by my recent PDF-specific
exploitation research.
Feel free to have a general idea about the research in following blog
post. It
Hi there,
Just want to let you know, the Fortinet's FortiGuard Global Security
Research Team has provided an in-depth research on the recent PDF
zero-day exploit (CVE-2009-3459).
http://www.fortiguard.com/analysis/pdfanalysis.html
Taking a look back over this 0-day attack as a whole, each
col man:)
Date: Tue, 25 Nov 2008 11:30:48 +0800
From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Anehta0.6.0 -- a new XSS Attack Platform!
Anehta is an open source XSS Attack Platform which is maintained by [EMAIL
PROTECTED]
Project
cool man! cool the Chinese guys!
welcome to my blog:http://ruder.cdut.net
Date: Fri, 5 Sep 2008 15:45:01 +0800From: [EMAIL PROTECTED]: [EMAIL PROTECTED];
[EMAIL PROTECTED]: [Full-disclosure] XCon 2008 Call for Paper
XCon 2008 Call for PaperNov. 18th �C 19th, 2008, Beijing, PRC
Microsoft Windows Messenger Remote Illegal Access Vulnerability
by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net
Summary:
A remote illegal access vulnerability exists in Microsoft Windows
Live Messenger. A vicious attacker can control the Live Messenger via
constructing
RealNetworks RealPlayer ActiveX Illegal Resource Reference Vulnerability
by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net
Summary:
An illegal resource reference vulnerability exists in the ActiveX
Control of RealNetworks RealPlayer. For exploiting the vulnerability
Akamai Download Manager File Downloaded To Arbitrary Location Vulnerability
by cocoruder([EMAIL PROTECTED])
http://ruder.cdut.net
Summary:
A parameter injection vulnerability exists in Akamai Download
Manager. By exploiting this vulnerability, the remote attacker can
make the users
Office Publisher PUB File Parsing Remote Memory Corruption
Vulnerability
by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net
Summary:
A memory corruption vulnerability exists in Microsoft Office
Publisher while it is parsing PUB file. An attacker who successfully
exploit
Adobe Acrobat Professional Javascript For PDF Security Feature Bypass
and Memory Corruption Vulnerabilities
by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net
Summary:
Two critical vulnerabilities exist in the javascript API of Adobe
Acrobat Professional 7. A remote attacker who
[UPDATE]Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability
by cocoruder([EMAIL PROTECTED])
http://ruder.cdut.net, updated on 2008.05.06
Summary:
A design error vulnerability exists in Adobe Reader and Adobe
Acrobat Professional. A remote attacker who successfully exploit
Hey man, I think if you do not use the chinese email address and do not let
anyone know you are chinese, there will be not so many worries, you know,
chinese guy can became untrust more easily because they even do say do not
free the Tibet, what a strange thing, especially you are sharing an
Adobe Flash CS3 Professional FLA File Parsing Multiple Local Code
Execute Vulnerabilities
by cocoruder([EMAIL PROTECTED])
http://ruder.cdut.net
Summary:
More than three local code execute vulnerabilities exist in Adobe
Flash CS3 Professional while it is parsing FLA files. An attacker who
Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability
by cocoruder([EMAIL PROTECTED])
http://ruder.cdut.net
Summary:
A design error vulnerability exists in Adobe Reader and Adobe
Acrobat Professional. A remote attacker who successfully exploit this
vulnerability can control
it is so amazing that the vendor's advisory has been released more than one
month ago, (see my advisory of a similar vul at
http://ruder.cdut.net/blogview.asp?logID=221), and another thing is that I have
tested my reported vul again after CA's patch released one month ago, but in
fact they
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability
by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net
Summary:
A remote code execute vulnerability exists in Microsoft Jet
Engine. A remote attacker who successfully exploit this vulnerability
can execute arbitrary
there is a PDF file format vul because the vulnerability
affecting both Adobe Reader and Foxit Reader. Thanks for your infos again.
welcome to my blog:
http://ruder.cdut.net
From: [EMAIL PROTECTED]
To: cocoruder . [EMAIL PROTECTED]
CC: full-disclosure@lists.grok.org.uk
Subject: Re: [Full
Why everybody said it is a zero day about PDF? it's just a fault in IE7, or
just want to make a big media hit? real PDF zero day will exists in the
PDF's file format, or some Adobe's expanded functions.
welcome to my blog:
http://ruder.cdut.net
From: [EMAIL PROTECTED]
To:
yes I believe the vuls will most from the JS feature, and we (Fortinet
Security Research Team) has finished our security review on Adobe
Reader/Acrobat, with the vendor's process, we will release advisories some
months too, expecting it!
welcome to my blog:
http://ruder.cdut.net
From:
This is a crisis of Immunity, if you want to let the geezers believe you
should give more evidences not only MD5 hashes.
welcome to my blog:
http://ruder.cdut.net
From: goudatr0n [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] [Security Advisory]
i strongly thinks the folloing pics may include some 0days:)
welcome to my blog:
http://ruder.cdut.net
From: Ken Swain [EMAIL PROTECTED]
To: Miss Aveline [EMAIL PROTECTED]
CC: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Sexy,spankable 22 year old girl looking for
a
Alibaba Alipay Remote Code Execute Vulnerability
by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net
Summary:
Alipay is China’s leading online payment service, and a division of
Alibaba.com. It enables individuals and businesses to securely, easily and
quickly send and receive
21 matches
Mail list logo