鬼仔's Blog

来源：Ph4nt0m Google Group

Link to exploit:

Please download and open it locally in Adobe Acrobat (not in Adobe Acrobat
ActiveX control):

http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf

Description:

0-day proof of concept (PoC) exploit for Adobe Acrobat.

Software affected:

+ Adobe Reader 8.1 (and earlier)
+ Adobe Acrobat Standard, Pro and Elements 8.1 (and earlier)
+ Adobe Acrobat 3D

System affected:

+ Windows XP with IE7

Details:

To view exploit code in Adobe Acrobat go to: Pages -> Page Properties ->
Actions
(trigger: Page Open, action: Open a web link)

This is URL handling bug in shell32!ShellExecute()

Workaround:

Currently unavailable.

Thanks to:

pdp (at) gnucitizen.org for his investigation

regards,
cyanid-E <biz4rre[at]gmail.com>