lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3F6918F2F2125C4BB95462A2ED1454B16746A5@pukeko.smb2go.net>
Date: Wed, 14 May 2008 15:58:21 +1200
From: "Paul Craig" <paul.craig@...urity-assessment.com>
To: <bugtraq@...urityfocus.com>,
	<full-disclosure-request@...ts.grok.org.uk>
Subject: Malformed Acrobat Distiller 8 .joboptions 

=====================================================================
= Malformed Acrobat Distiller 8 .joboptions 
=
= Vendor Website: 
= http://www.adobe.com
=
= Affected Version:
= Adobe Acrobat Reader, Acrobat Professional 7, Acrobat Professional 8
=
= Vendor Notified   - February 2007
= Public Disclosure - May 2008
=
http://www.security-assessment.com/files/advisories/2008-05-15_Acrobat_D
istiller_Malformed_joboptions_File.pdf
=====================================================================

== Overview ==
Another day, another file format bug, nothing to see here, move along..

Security-Assessment.com discovered multiple heap based overflow flaws
within
Acrobat Distiller 8 which under certain circumstances can be used to
execute
arbitrary code.
The vulnerability was found within the .joboptions file type.
An auto-opening PDF quality settings file extension used by Acrobat
Distiller.

Font names stored within the parameters /AlwaysEmbed and /NeverEmbed
both
produce a heap based overflow when a large (160+ char) font name is
supplied.

Acrobat 8 professional and any other Adobe suite which contains Acrobat
Distiller
acrodist.exe (Such as CS3) is vulnerable to this issue.

Original Vendor Advisories:
http://www.adobe.com/support/security/bulletins/apsb08-13.html
http://www.adobe.com/support/security/advisories/apsa08-01.html

== Solutions ==
Adobe recommends Acrobat 8 users on Windows update to Acrobat 8.1.2
available here:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3849.

== Credit ==
Discovered and advised to Adobe February , 2007 by Paul Craig of
Security-Assessment.com - Paul.Craig<at>Security-Assessment.com

== Greetings ==
Past and present Security-Assessment.com members.
The .NZ Security Scene
KiwiCon '08 (www.kiwicon.org)


== About Security-Assessment.com ==
Security-Assessment.com is New Zealand's leading team of Information 
security consultants specialising in providing high quality Information
and
Security services to clients throughout the Asia Pacific region.
Our clients include some of the largest globally recognised companies in
areas such as finance, telecommunications, broadcasting, legal and
government. Our aim is to provide the best independent advice
and a high level of technical expertise while creating long and lasting
professional relationships with our clients.

Security-Assessment.com is committed to security research and
development,
and its team continues to identify and responsibly publish
vulnerabilities
in public and private software vendor's products. Members of the
Security-Assessment.com R&D team are globally recognised through their
release of whitepapers and presentations related to new security
research.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ