lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <888c43130906260450h7d23bea0p8c82ed904ef5302e@mail.gmail.com>
Date: Fri, 26 Jun 2009 17:20:20 +0530
From: Sujit Ghosal <thesujit@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Query on Adobe Pagemaker Long Fontname Handling
	Stack Overflow Vuln

Hi Friends,
   I am doing some research for an old vulnerability CVE-2007-5169.Its
related to Adobe pagemaker. I just went through the vulnerability and it
states that if one attacker is trying to craft a long font name i.e. Courier
New and then after that he is crafting, lets say 40-50 AAAA or BBBB. Then if
any user will open the crafted page maker file then the crafted pmd file
will crash the application and cause stack overflow or may do arbitrary code
execution. I just went though an attack Pcap and got these information. Well
now I know whats the magic bytes for detecting Pagamaker document over the
wire. But from the signature writing perspective, I need to know the
structure that where it stores the font names in its file format. But as you
know Adobe's most of the file formats are proprietary and not publically
available so I am not able to figure out that what procedure I can follow to
detect this attack attempt.

    So can anyone please give me some reference on this vulnerability or its
attack detection procedure? I would be very thankful.

Thanks,
Sujit

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ