Comments on: PDF Exploit – In the wild, and how to decode http://ddos.arbornetworks.com/2008/11/pdf-exploit-in-the-wild-and-how-to-decode/ A weblog dedicated to educating the community on security threats that matter Sun, 29 Jan 2012 02:23:23 +0000 hourly 1 http://wordpress.org/?v= By: Didier Stevens http://ddos.arbornetworks.com/2008/11/pdf-exploit-in-the-wild-and-how-to-decode/comment-page-1/#comment-177200 Didier Stevens Mon, 10 Nov 2008 22:59:54 +0000 http://asert.arbornetworks.com/?p=449#comment-177200 I analyzed 2 malicious PDF files (data.pdf and info.pdf). My info.pdf has the same MD5 hash as the file you analyzed. data.pdf is an older version, I uncovered this via incremental updates and metadata found in data.pdf. Details here: http://blog.didierstevens.com/2008/11/10/shoulder-surfing-a-malicious-pdf-author/ I analyzed 2 malicious PDF files (data.pdf and info.pdf). My info.pdf has the same MD5 hash as the file you analyzed. data.pdf is an older version, I uncovered this via incremental updates and metadata found in data.pdf. Details here:
http://blog.didierstevens.com/2008/11/10/shoulder-surfing-a-malicious-pdf-author/

]]> By: Andrew Hay » Blog Archive » links for 2008-11-10 http://ddos.arbornetworks.com/2008/11/pdf-exploit-in-the-wild-and-how-to-decode/comment-page-1/#comment-177169 Andrew Hay » Blog Archive » links for 2008-11-10 Mon, 10 Nov 2008 21:02:22 +0000 http://asert.arbornetworks.com/?p=449#comment-177169 [...] PDF Exploit - In the wild, and how to decode | Security to the Core | Arbor Networks Security (tags: pdf exploit) [...] [...] PDF Exploit – In the wild, and how to decode | Security to the Core | Arbor Networks Security (tags: pdf exploit) [...]

]]> By: Juha-Matti Laurio http://ddos.arbornetworks.com/2008/11/pdf-exploit-in-the-wild-and-how-to-decode/comment-page-1/#comment-177165 Juha-Matti Laurio Mon, 10 Nov 2008 20:43:35 +0000 http://asert.arbornetworks.com/?p=449#comment-177165 Fine that the post had the update during the weekend time. Yes, SANS ISC published this id -2992 mentioned at their Diary entry. Fine that the post had the update during the weekend time. Yes, SANS ISC published this id -2992 mentioned at their Diary entry.

]]> By: J. Warren http://ddos.arbornetworks.com/2008/11/pdf-exploit-in-the-wild-and-how-to-decode/comment-page-1/#comment-177111 J. Warren Mon, 10 Nov 2008 13:55:38 +0000 http://asert.arbornetworks.com/?p=449#comment-177111 If one was thinking of replacing the Adobe Reader with Foxit, -now- would be the time... Adobe Reader v9... 33.5MB - http://www.adobe.com/go/getreader -OR- - http://www.foxitsoftware.com/downloads/ Latest version: Foxit Reader 2.3 (.exe) 2.3 Build 3309 - 2.57 MB - 10/14/08 If one was thinking of replacing the Adobe Reader with Foxit, -now- would be the time…

Adobe Reader v9… 33.5MB
- http://www.adobe.com/go/getreader
-OR-
- http://www.foxitsoftware.com/downloads/
Latest version: Foxit Reader 2.3 (.exe) 2.3 Build 3309 – 2.57 MB – 10/14/08

]]> By: Jose Nazario http://ddos.arbornetworks.com/2008/11/pdf-exploit-in-the-wild-and-how-to-decode/comment-page-1/#comment-176826 Jose Nazario Sat, 08 Nov 2008 18:56:43 +0000 http://asert.arbornetworks.com/?p=449#comment-176826 yeah, i misread the adobe bulletin and assumed the wrong CVE ID. someone else out there had a reference to it so i had to update the writeup. :) wanted to make sure i got it right for posterity's sake. yeah, i misread the adobe bulletin and assumed the wrong CVE ID. someone else out there had a reference to it so i had to update the writeup. :) wanted to make sure i got it right for posterity’s sake.

]]>