
context menu

RE: Millions of PDF invisibly embedded with your internal disk paths

occurs when you are using Internet Explorer to print locally saved web pages
as PDF and affects all IE versions including IE8. It does not matter which
PDF generation software you are using like Adobe Acrobat Professional,
CutePDF, PrimoPDF, etc as long as you are invoking it from inside the IE
print function. In Windows, even when your default browser is not IE and if
you right click a file to select the PRINT from the context menu, then by
default it invokes the IE print handler. So, you will still see this issue
in the generated PDF.

This bug is NOT ABOUT the local disk path appearing in the FOOTER of your
pdf since it is clearly visible and already known by most people. This is

Millions of PDF invisibly embedded with your internal disk paths

occurs when you are using Internet Explorer to print locally saved web pages
as PDF and affects all IE versions including IE8. It does not matter which
PDF generation software you are using like Adobe Acrobat Professional,
CutePDF, PrimoPDF, etc as long as you are invoking it from inside the IE
print function. In Windows, even when your default browser is not IE and if
you right click a file to select the PRINT from the context menu, then by
default it invokes the IE print handler. So, you will still see this issue
in the generated PDF.

This bug is NOT ABOUT the local disk path appearing in the FOOTER of your
pdf since it is clearly visible and already known by most people. This is

[ MDVSA-2010:091 ] openoffice.org

 
 OpenOffice.org is not properly configured to use the xdg-email
 functionality of the FreeDesktop standard (#52195).
 
 Template desktop icons are not properly set up then they are not
 presented under the context menu of applications like Dolphin (#56439).
 
 libia_ora-gnome is added as suggest as long as that package is needed
 for a better look (#57385#c28).
 
 It is enabled a fallback logic to properly select an OpenOffice.org

[ MDVSA-2010:035 ] openoffice.org

 
 OpenOffice.org is not properly configured to use the xdg-email
 functionality of the FreeDesktop standard (#52195).
 
 As the template desktop icons are not properly set, it's not presented
 under the context menu of applications like Dolphin (#56439).
 
 The Firefox plugin which enables viewing of OpenOffice documents
 inside the browser was not enabled.
 _______________________________________________________________________


The Anatomy of COM Server-Based Binary Planting Exploits

Our new blog post describes in detail how the binary planting exploits we presented
at Hack In The Box Amsterdam work. Watch a user on IE8/XP getting pwned by two single
clicks on a web page, and a user on IE9/Win7 getting pwned by selecting an option
from a context menu.

http://blog.acrossecurity.com/2011/05/anatomy-of-com-server-based-binary.html
or
http://bit.ly/kWe3gw


iDefense Security Advisory 02.01.10: RealNetworks RealPlayer 11 HTTP Chunked Encoding Integer Overflow Vulnerability

using the RealPlayer plug-in or a direct link to the malicious media.

It appears that the RealPlayer plug-in for Firefox uses the browser to
download files via HTTP. The RealPlayer chunked encoding processing is
not used in this scenario. However, RealPlayer does provide a
right-click context menu to open the document within RealPlayer itself.
As such, using Firefox does not prevent exploitation altogether.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in RealPlayer

[ MDVSA-2010:075 ] openoffice.org

 
 OpenOffice.org is not properly configured to use the xdg-email
 functionality of the FreeDesktop standard (#52195).
 
 Template desktop icons are not properly set up then they are not
 presented under the context menu of applications like Dolphin (#56439).
 
 libia_ora-gnome is added as suggest as long as that package is needed
 for a better look (#57385#c28).
 
 It is enabled a fallback logic to properly select an OpenOffice.org

Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability

bmo> of Winamp (not the Lite version) you just have to add the M3U file to
bmo> Winamp by for example simply dragging the file into the playlist.

bmo> The lite version catches the exception and exits if you add the
bmo> malformed M3U file to the playlist. If you use the "Enqueue in Winamp"
bmo> option (if configured you'll find it in the context menu) Winamp Lite
bmo> does not catch the exception and crashes too.





[ MDVSA-2010:105 ] openoffice.org

 
 OpenOffice.org is not properly configured to use the xdg-email
 functionality of the FreeDesktop standard (#52195).
 
 Template desktop icons are not properly set up then they are not
 presented under the context menu of applications like Dolphin (#56439).
 
 libia_ora-gnome is added as suggest as long as that package is needed
 for a better look (#57385#c28).
 
 It is enabled a fallback logic to properly select an OpenOffice.org

[BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability

of Winamp (not the Lite version) you just have to add the M3U file to
Winamp by for example simply dragging the file into the playlist.

The lite version catches the exception and exits if you add the
malformed M3U file to the playlist. If you use the "Enqueue in Winamp"
option (if configured you'll find it in the context menu) Winamp Lite
does not catch the exception and crashes too.

It's also possible to add a remote file to the playlist by clicking
on Add -> Add URL and inserting a URL like:
http://morph3us.org/security/pen-testing/winamp/a.m3u



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
