Windows 98 / Acrobat 6 is not vulnerable to Adobe Acrobat and ReaderVulnerability

MEB wrote:

> Here we go again, another Adobe Reader vulnerability....
> NOTE that JAVA is instrumental in this vulnerability...

To re-cap, java is NOT instrumental in this vulnerability.

The use of java script is NOT necessary for the exploit (JBIG2Decode) to
execute.

However, it seems that all known examples of this exploit currently in
circulation DO use Javascript and one method of protecting vulnerable
systems is to disable javascript handling within Acrobat.

Example code is now available on Milw0rm:

http://www.milw0rm.com/exploits/8099

That is a perl script, which when executed by a perl interpreter will
produce a PDF file which contains the exploit code. I downloaded and
installed a 17 mb perl compiler package just to produce the desired PDF
file.

Virus Total confirms that the file is identified as a threat - if only
by 2 out of 39 AV programs:

http://www.virustotal.com/analisis/2...a1904ad7491c63

-----------------------
CAT-QuickHeal 2009.02.26 Expoit.PDF.JBIG2Decode
ClamAV 2009.02.25 Exploit.PDF-29
-----------------------

I'm not sure what the example file is supposed to do when executed, but
I can confirm that when Acrobat Reader 6.0.2 (5/18/04) on windows 98 is
directed to open the file, it immediately displays this message:

------------------
There was an error opening this document. The file is damaged and could
not be repaired.
------------------

The message can be dismissed, and Adobe does not crash and can open
other real PDF's just fine.

I haven't tried this .PDF on XP running Acrobat 7, 8 or 9, but I might
do that tommorrow.

Because of the positive AV test, I believe this is a working example of
this vulnerability, and my test has shown that because Acrobat 6 did not
crash, that the combination of Win-98 and Adobe Acrobat 6 is not
vulnerable to this exploit.

Boy that was a real concerted attempt to provide absolute test results for
the vulnerabilities in the Reader and PDFs in general... guess we should all
follow your advise and not worry... AHHH YEAH RIGHT...

--
~
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Diagnostics, Security, Networking
http://peoplescounsel.org
The *REAL WORLD* of Law, Justice, and Government
_______



"98 Guy" <98@Guy.com> wrote in message news:49A62262.8FB2FF4E@Guy.com...
> MEB wrote:
>
> > Here we go again, another Adobe Reader vulnerability....
> > NOTE that JAVA is instrumental in this vulnerability...
>
> To re-cap, java is NOT instrumental in this vulnerability.
>
> The use of java script is NOT necessary for the exploit (JBIG2Decode) to
> execute.
>
> However, it seems that all known examples of this exploit currently in
> circulation DO use Javascript and one method of protecting vulnerable
> systems is to disable javascript handling within Acrobat.
>
> Example code is now available on Milw0rm:
>
> http://www.milw0rm.com/exploits/8099
>
> That is a perl script, which when executed by a perl interpreter will
> produce a PDF file which contains the exploit code. I downloaded and
> installed a 17 mb perl compiler package just to produce the desired PDF
> file.
>
> Virus Total confirms that the file is identified as a threat - if only
> by 2 out of 39 AV programs:
>
> http://www.virustotal.com/analisis/2...a1904ad7491c63
>
> -----------------------
> CAT-QuickHeal 2009.02.26 Expoit.PDF.JBIG2Decode
> ClamAV 2009.02.25 Exploit.PDF-29
> -----------------------
>
> I'm not sure what the example file is supposed to do when executed, but
> I can confirm that when Acrobat Reader 6.0.2 (5/18/04) on windows 98 is
> directed to open the file, it immediately displays this message:
>
> ------------------
> There was an error opening this document. The file is damaged and could
> not be repaired.
> ------------------
>
> The message can be dismissed, and Adobe does not crash and can open
> other real PDF's just fine.
>
> I haven't tried this .PDF on XP running Acrobat 7, 8 or 9, but I might
> do that tommorrow.
>
> Because of the positive AV test, I believe this is a working example of
> this vulnerability, and my test has shown that because Acrobat 6 did not
> crash, that the combination of Win-98 and Adobe Acrobat 6 is not
> vulnerable to this exploit.

MEB wrote:

> Boy that was a real concerted attempt to provide absolute test
> results for the vulnerabilities in the Reader and PDFs in general...

Why are you such a troll?

Are you not capable of reading?

Look at the SUBJECT LINE of my post.

I *did not claim* these test results applied to anything other than the
combination of win-98 and Acrobat 6.

This IS a windows-98 newsgroup, you fool. My test of Win-98 and Acrobat
6 is a sufficient test for the purposes and interest of this newsgroup.
If you want to know if any OTHER combination of windows and acrobat is
exploitable, then by rights the place to look is OTHER newsgroups such
as NT, or XP, or Vista, or Adobe.

> > I haven't tried this .PDF on XP running Acrobat 7, 8 or 9, but
> > I might do that tommorrow.

I provided enough information for anyone to replicate the test on any
combination of windows and acrobat they choose.

Why haven't you gotten off your ass and used this information to test
other combinations, instead of belly-ache that I haven't done it yet.

No you fail to understand the value of what occured. The exploits of the PDF
format and the Readers, JAVA; and other exploits that CAN BE AND ARE being
used within 98 have NOT been fully exposed, nor does your purported test and
results confirm anything of REAL value, save for that *ONE* test designed
FOR XP/VISTA/NT based systems and NEWER Readers, does not work within your
9X system with AR6.....

MOREOVER, You completely fail to contemplate or even understand; YOUR
installation will likely NOT reflect the installations of others [pluggins;
add-ons; base programs; other exploits; interaction with other installed
applications]. Additionally, your *personal Reader settings* may NOT be
reflected in other users systems.

This is at least the third time you have posted INCOMPLETE test results,
and potentially harmful statements into this forum. I specifically warned
YOU I would NOT allow you to do that without bringing you to task for your
failures.

--
~
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Diagnostics, Security, Networking
http://peoplescounsel.org
The *REAL WORLD* of Law, Justice, and Government
_______



"98 Guy" <98@Guy.com> wrote in message news:49A69EDE.D09438B@Guy.com...
> MEB wrote:
>
> > Boy that was a real concerted attempt to provide absolute test
> > results for the vulnerabilities in the Reader and PDFs in general...
>
> Why are you such a troll?
>
> Are you not capable of reading?
>
> Look at the SUBJECT LINE of my post.
>
> I *did not claim* these test results applied to anything other than the
> combination of win-98 and Acrobat 6.
>
> This IS a windows-98 newsgroup, you fool. My test of Win-98 and Acrobat
> 6 is a sufficient test for the purposes and interest of this newsgroup.
> If you want to know if any OTHER combination of windows and acrobat is
> exploitable, then by rights the place to look is OTHER newsgroups such
> as NT, or XP, or Vista, or Adobe.
>
> > > I haven't tried this .PDF on XP running Acrobat 7, 8 or 9, but
> > > I might do that tommorrow.
>
> I provided enough information for anyone to replicate the test on any
> combination of windows and acrobat they choose.
>
> Why haven't you gotten off your ass and used this information to test
> other combinations, instead of belly-ache that I haven't done it yet.

MEB wrote:

> No you fail to understand the value of what occured.

Value?

Do you mean significance? Importance? Relevance?

> The exploits of the PDF format and the Readers, JAVA;
> and other exploits that CAN BE AND ARE being used within 98
> have NOT been fully exposed,

So you have some sort of prescient or prophetic ability to know that
there will be more PDF or Java vulnerabilities that are as yet
undiscovered (or unexposed) but that are *currently* being used, against
win-98 no less?

MEB, you are truly the oracle at Delphi.

I would ask you to provide some evidence, by I realize the utter
futility of doing so.

> nor does your purported test and results confirm anything of REAL
> value,

Of course not. Your authoritative warning, your siren call to Win-98
users of this PDF exploit must stand. It must not be diminished by
small facts and direct testing.

> save for that *ONE* test designed FOR XP/VISTA/NT based systems
> and NEWER Readers,

Ah yes. They went out of their way to replicate the current exploit
such that it will carefully avoid tripping up win-98 and Acrobat 6.
They did that just to test you - the great and all knowing MEB.

> MOREOVER, You completely fail to contemplate or even understand;
> YOUR installation will likely NOT reflect the installations of
> others [pluggins; add-ons; base programs; other exploits;
> interaction with other installed applications].

Ah yes. That must be it. My win-98 system is so far from being typical
that by happenstance the exploit fails to execute. But the millions of
XP systems out there are similar enough to each other such that the
exploit works reasonably well among them.

Brilliant reasoning.

> Additionally, your *personal Reader settings* may NOT be
> reflected in other users systems.

Ah yes, I must have missed the current advisories and their descriptions
of the Jbig exploit, and how it will, or will not work, depending on the
myriad of possible acrobat settings that are possible.

> This is at least the third time you have posted INCOMPLETE test
> results, and potentially harmful statements into this forum.

And naturally it's beneath you to take the example exploit and do a
proper test.

> I specifically warned YOU I would NOT allow you to do that without
> bringing you to task for your failures.

You do realize that you're making an utter fool of yourself here, don't
you?

Your response was, again, written by some one who has proven REPEATEDLY that
they have NO comprehension of what testing entails, that verification of ANY
aspect requires continual testing, and that single outputs NEVER provide an
answer to ANY variable or issue.

Hmm, you must work for Microsoft Software development division... your
knowledge of software development [which includes hacks and hacking] seems
to indicate your abilities..

And who is that fool,,, shall I re-post some of your old postings in this
forum ... hmm, Google still has them...

--
~
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Diagnostics, Security, Networking
http://peoplescounsel.org
The *REAL WORLD* of Law, Justice, and Government
_______



"98 Guy" <98@Guy.com> wrote in message news:49A74469.99B90EB3@Guy.com...
> MEB wrote:
>
> > No you fail to understand the value of what occured.
>
> Value?
>
> Do you mean significance? Importance? Relevance?
>
> > The exploits of the PDF format and the Readers, JAVA;
> > and other exploits that CAN BE AND ARE being used within 98
> > have NOT been fully exposed,
>
> So you have some sort of prescient or prophetic ability to know that
> there will be more PDF or Java vulnerabilities that are as yet
> undiscovered (or unexposed) but that are *currently* being used, against
> win-98 no less?
>
> MEB, you are truly the oracle at Delphi.
>
> I would ask you to provide some evidence, by I realize the utter
> futility of doing so.
>
> > nor does your purported test and results confirm anything of REAL
> > value,
>
> Of course not. Your authoritative warning, your siren call to Win-98
> users of this PDF exploit must stand. It must not be diminished by
> small facts and direct testing.
>
> > save for that *ONE* test designed FOR XP/VISTA/NT based systems
> > and NEWER Readers,
>
> Ah yes. They went out of their way to replicate the current exploit
> such that it will carefully avoid tripping up win-98 and Acrobat 6.
> They did that just to test you - the great and all knowing MEB.
>
> > MOREOVER, You completely fail to contemplate or even understand;
> > YOUR installation will likely NOT reflect the installations of
> > others [pluggins; add-ons; base programs; other exploits;
> > interaction with other installed applications].
>
> Ah yes. That must be it. My win-98 system is so far from being typical
> that by happenstance the exploit fails to execute. But the millions of
> XP systems out there are similar enough to each other such that the
> exploit works reasonably well among them.
>
> Brilliant reasoning.
>
> > Additionally, your *personal Reader settings* may NOT be
> > reflected in other users systems.
>
> Ah yes, I must have missed the current advisories and their descriptions
> of the Jbig exploit, and how it will, or will not work, depending on the
> myriad of possible acrobat settings that are possible.
>
> > This is at least the third time you have posted INCOMPLETE test
> > results, and potentially harmful statements into this forum.
>
> And naturally it's beneath you to take the example exploit and do a
> proper test.
>
> > I specifically warned YOU I would NOT allow you to do that without
> > bringing you to task for your failures.
>
> You do realize that you're making an utter fool of yourself here, don't
> you?