Message-ID: <20030709111537.5e70ffa0.team@sec-labs.hack.pl>
Date: Wed, 9 Jul 2003 11:15:37 +0000
From: sec-labs team <team@...-labs.hack.pl>
To: bugtraq@...urityfocus.com
Subject: Re: [sec-labs] Adobe Acrobat Reader <=5.0.7 Buffer Overflow Vulnerability + PoC code

We can easily reproduce this bug on versions 5.0.7 and 5.0.5 on Slackware
Linux and Phoenix and Mozilla browsers. You can choose a Netscape- or
NCSA-compatible browser in Adobe preferences, and WWWLaunchNetscape and
WWWLaunchNCSA functions.

You should not have a problem with this bug. It is quite simple to
reproduce. Just create a .pdf file with a long link, execute adobe, open
this file, then attach to it using gdb, put a breakpoint on
WWWLaunchNetscape and click on the link. There is a loop in this function
that does something like this:

    while(*src != '\0')
        *dst++ = *src++;

As you can see there is no bounds checking.

best regards
--
sec-labs team [http://sec-labs.hack.pl]
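
The unchecked loop quoted in the message above, rewritten with a bounds check, as an added example that is not part of the original post and is not Adobe's code. The function name `copy_url_bounded`, the 64-byte `URL_BUF_SIZE` and the sample links are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed destination size for illustration; the post does not give
 * the size of the buffer used inside WWWLaunchNetscape. */
#define URL_BUF_SIZE 64

/*
 * Bounds-checked form of the loop from the post:
 *     while (*src != '\0') *dst++ = *src++;
 * Returns 0 on success, -1 if src (plus its NUL) does not fit.
 * An oversized link is rejected rather than truncated, because a
 * truncated URL is a different URL.
 */
int copy_url_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t i;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    for (i = 0; src[i] != '\0'; i++) {
        if (i + 1 >= dst_size) {  /* no room for this byte plus the NUL */
            dst[0] = '\0';        /* leave a valid empty string behind */
            return -1;
        }
        dst[i] = src[i];
    }
    dst[i] = '\0';
    return 0;
}

int main(void)
{
    char dst[URL_BUF_SIZE];
    char long_link[512];  /* constructed sample input */

    /* Constructed "long link": a prefix padded out to 511 characters. */
    memset(long_link, 'a', sizeof long_link - 1);
    long_link[sizeof long_link - 1] = '\0';
    memcpy(long_link, "http://example.invalid/", 23);

    printf("short link: %d\n",
           copy_url_bounded(dst, sizeof dst, "http://example.invalid/a.pdf"));
    printf("long link:  %d (length %zu, buffer %zu)\n",
           copy_url_bounded(dst, sizeof dst, long_link),
           strlen(long_link), sizeof dst);
    return 0;
}
```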