[<prev] [next>] [day] [month] [year] [list]
Message-ID: <888c43130906260450h7d23bea0p8c82ed904ef5302e@mail.gmail.com>
Date: Fri, 26 Jun 2009 17:20:20 +0530
From: Sujit Ghosal <thesujit@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Query on Adobe Pagemaker Long Fontname Handling
Stack Overflow Vuln
Hi Friends,
I am doing some research for an old vulnerability CVE-2007-5169.Its
related to Adobe pagemaker. I just went through the vulnerability and it
states that if one attacker is trying to craft a long font name i.e. Courier
New and then after that he is crafting, lets say 40-50 AAAA or BBBB. Then if
any user will open the crafted page maker file then the crafted pmd file
will crash the application and cause stack overflow or may do arbitrary code
execution. I just went though an attack Pcap and got these information. Well
now I know whats the magic bytes for detecting Pagamaker document over the
wire. But from the signature writing perspective, I need to know the
structure that where it stores the font names in its file format. But as you
know Adobe's most of the file formats are proprietary and not publically
available so I am not able to figure out that what procedure I can follow to
detect this attack attempt.
So can anyone please give me some reference on this vulnerability or its
attack detection procedure? I would be very thankful.
Thanks,
Sujit
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists