List:       full-disclosure
Subject:    [Full-disclosure] Query on Adobe Pagemaker Long Fontname Handling
From:       Sujit Ghosal <thesujit () gmail ! com>
Date:       2009-06-26 12:02:20
Message-ID: 888c43130906260450h7d23bea0p8c82ed904ef5302e () mail ! gmail ! com
Hi Friends,
   I am doing some research on an old vulnerability, CVE-2007-5169. It's
related to Adobe PageMaker. I just went through the vulnerability and it
states that if an attacker crafts a long font name, i.e. "Courier
New" followed by, let's say, 40-50 AAAA or BBBB, then if
any user opens the crafted PageMaker file, the crafted .pmd file
will crash the application and cause a stack overflow or may allow arbitrary code
execution. I just went through an attack pcap and got this information. Well,
now I know what the magic bytes are for detecting a PageMaker document over the
wire. But from the signature-writing perspective, I need to know the
structure of where it stores the font names in its file format. But as you
know, most of Adobe's file formats are proprietary and not publicly
available, so I am not able to figure out what procedure I can follow to
detect this attack attempt.

    So can anyone please give me some reference on this vulnerability or its
attack detection procedure? I would be very thankful.

Thanks,
Sujit

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
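Since the poster's own description of the bug is "a known font name such as Courier New followed by 40-50 filler bytes", a content heuristic can be written from that alone, without knowing the proprietary layout. The scanner below is an added example and is not the poster's code, an Adobe parser, or a published signature. It assumes (not from the post) that the font name is stored as a NUL-terminated ASCII string, that legitimate font names are shorter than MAX_FONT_NAME_LEN bytes, and it uses a small constructed list of font names and two constructed sample buffers; the thresholds must be tuned against real .pmd files before being turned into an IDS rule.

```python
"""Heuristic detector for over-long font-name fields (added example, not
from the original post; the PageMaker file layout is NOT modelled here).

Assumptions, all hypothetical:
  - a font name appears as a NUL-terminated ASCII string in the file;
  - a legitimate font name field is at most MAX_FONT_NAME_LEN bytes;
  - KNOWN_FONT_NAMES is a constructed sample list, not an Adobe table.
"""
import re
from collections import Counter

# Constructed sample list of font names to anchor on (assumption).
KNOWN_FONT_NAMES = (b"Courier New", b"Times New Roman", b"Arial")
# Assumed upper bound for a benign font-name field; tune on real files.
MAX_FONT_NAME_LEN = 32


def find_overlong_font_names(data: bytes, max_len: int = MAX_FONT_NAME_LEN):
    """Scan raw bytes for a known font name whose field runs past max_len.

    Returns a list of (offset, font_name, field_len, filler_share) where
    field_len counts bytes from the font name to the next NUL (or end of
    data) and filler_share is the fraction of the excess bytes made up of
    the single most common byte value (1.0 for a pure AAAA... run).
    """
    findings = []
    for name in KNOWN_FONT_NAMES:
        for match in re.finditer(re.escape(name), data):
            start = match.start()
            # The field is taken to end at the next NUL terminator; an
            # unterminated field (no NUL at all) runs to the end of the data.
            end = data.find(b"\x00", start)
            if end == -1:
                end = len(data)
            field_len = end - start
            if field_len <= max_len:
                continue
            excess = data[start + len(name):end]
            top_count = max(Counter(excess).values()) if excess else 0
            filler_share = top_count / len(excess) if excess else 0.0
            findings.append((start, name.decode("ascii"), field_len, filler_share))
    return findings


def is_suspicious(data: bytes, max_len: int = MAX_FONT_NAME_LEN,
                  min_filler_share: float = 0.8) -> bool:
    """True when an over-long field is also dominated by one filler byte,
    which is the pattern the post describes (name + AAAA... padding)."""
    return any(share >= min_filler_share
               for _, _, _, share in find_overlong_font_names(data, max_len))


# Constructed sample buffers: a fake 6-byte header, then the font-name field.
BENIGN_SAMPLE = b"\x00\x00hdr\x00" + b"Courier New\x00" + b"body text\x00"
CRAFTED_SAMPLE = b"\x00\x00hdr\x00" + b"Courier New" + b"A" * 48 + b"\x00"


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_SAMPLE), ("crafted", CRAFTED_SAMPLE)):
        print(label, is_suspicious(blob), find_overlong_font_names(blob))
```

The two-part check (length over the threshold, then a single dominant byte in the excess) keeps a long but genuine font name from firing the rule on its own, while the repeated-filler pattern from the post does; the same logic translates directly into a content match plus a byte-count test in a network signature once the real field layout is confirmed.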
