Adobe has released a new Adobe Reader version with a fix for my /Launch action PoC PDF.
Before version 9.3.3:
Since version 9.3.3:
Not only is the dialog box fixed, but the /Launch action is also disabled by default.
Quickpost info
View full post on Didier Stevens
Related Posts
- “Help us escape Japan” scam mail
Here's a freshly minted scam mail doing the rounds - this time, claiming to be a victim trying to escape Japan and needing a cool $ 1,600 to do it. From: jamainelecottATyahoo.com Subject: Please Hel... - Quickpost: “It Does No Harm…” or Does It?
You often read about people who use many different security applications to protect their systems. Not only anti-virus, anti-spyware, firewall, HIPS, …, but also some other tools like anti-keyl... - Quickpost: Checking ASLR
Some people asked me for a simple way to check shell extensions for their ASLR support. You can do this with Process Explorer. Start Process Explorer, and set the lower pane to display DLLs. Select p... - Quickpost: Adobe Reader X
In case you’ve not read Adobe’s announcement: Adobe Reader X is out. Use Adobe’s FTP server if you want to avoid their download manager. Protected Mode Adobe Reader comes with a sand... - Quickpost: Adding Certificates to the Certificate Store
A couple of people asked me how to get self-signed certificates recognized by Windows. For example, when you check the digital signature of one of my programs (like ariad.exe), you’ll see this: ... - Quickpost: Ariad & DLL Preloading
I’m writing this quickpost just in case you hadn’t figured this out for yourself: the techniques I described to protect machines from the .LNK vulnerability also help you mitigate the DLL ... - Google CEO: Young web users will need to escape online posts
Young web users may be need to change their names when they become adults in a bid to distance themselves from content previously posted online about them, says Google. View full post on Network Wo... - Quickpost: .LNK Template Update
I updated my .LNK template with info I got from comments from WndSks and Forrest Gump. This new version identifies well-known Shell GUIDs: Quickpost info View full post on Didier Steven... - Quickpost: 2 .LNK Tools
Microsoft has issued an emergency patch (MS10-046) for the .LNK file vulnerability (CVE-2010-2568). I’m releasing two small tools I developed to help me investigate this vulnerability. First one... - Quickpost: Preventing the /Launch Action “cmd.exe” Bypass
Adobe has released a new Adobe Reader version that contains functionality to block my /Launch action PoC, but Bkis found a bypass: just put double quotes around cmd.exe, like this: “cmd.exeR...
