Re: [sec-labs] Adobe Acrobat Reader <=5.0.7 Buffer Overflow Vulnerability + PoC code
From: sec-labs team (team sec-labs.hack.pl)
Date: Wed Jul 09 2003 - 06:15:37 CDT

We can easily reproduce this bug on versions 5.0.7 and 5.0.5 on Slackware
Linux and Phoenix and Mozilla browsers. You can choose a Netscape or NCSA
compatible browser in Adobe preferences, and WWWLaunchNetscape and
WWWLaunchNCSA functions.

You should not have a problem with this bug. It is quite simple to
reproduce. Just create a .pdf file with a long link, execute adobe, open
this file, then attach to it using gdb, put a breakpoint on
WWWLaunchNetscape and click on the link. There is a loop in this function
that does something like this:

    while(*src != '\0')
        *dst++ = *src++;

As you can see there is no bounds checking.

best regards
--
sec-labs team [http://sec-labs.hack.pl]
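
Added example, not part of the original post and not Adobe's code: a bounded form of the copy loop quoted above, which rejects an over-long link instead of writing past the destination. The names copy_bounded, stage_link and LINK_BUF_SIZE, the 256-byte buffer and the sample links are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARG = -2 };

/* Bounded form of the `while (*src != '\0') *dst++ = *src++;` loop.
 * Writes at most dst_size bytes, including the terminating NUL. If src
 * does not fit, dst is left as an empty string and COPY_TOO_LONG is
 * returned, so the caller rejects the link rather than acting on a
 * silently truncated one. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t i;

    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARG;

    for (i = 0; i < dst_size - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];

    if (src[i] != '\0') {          /* source is longer than the buffer */
        dst[0] = '\0';
        return COPY_TOO_LONG;
    }
    dst[i] = '\0';
    return COPY_OK;
}

#define LINK_BUF_SIZE 256          /* assumed size, not taken from the post */
/* Hypothetical link handler: stages the URI in a fixed buffer before use. */
int stage_link(const char *uri, char *out, size_t out_size)
{
    char buf[LINK_BUF_SIZE];
    int rc = copy_bounded(buf, sizeof buf, uri);
    if (rc != COPY_OK)
        return rc;
    return copy_bounded(out, out_size, buf);
}

int main(void)
{
    char longlink[1024], out[LINK_BUF_SIZE];   /* constructed sample input */

    memset(longlink, 'A', sizeof longlink - 1);
    longlink[sizeof longlink - 1] = '\0';
    printf("short link: %d\n", stage_link("http://example.com/", out, sizeof out));
    printf("long link:  %d\n", stage_link(longlink, out, sizeof out));
    return 0;
}
```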