Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Kevin Ross <kevross33-gM/Ye1E23mwN+BqQ9rBEUg <at> public.gmane.org>
Subject: Re: SIG: ET WEB_CLIENT Possible Adobe Reader 9.4 this.printSeps Memory Corruption Attempt
Newsgroups: gmane.comp.security.ids.snort.emerging-sigs
Date: Friday 5th November 2010 09:21:51 UTC (over 6 years ago)
Hey. Apparantly it is only a DOS but there was another memory corruption
where initially it was a DOS but actually did cause code execution with a
bit of work. I am playing it safe, possibly could be in current_events
until
we can see how it goes?  Go to extraexploit.blogspot.com for more info
(though not much)

Kev
On 5 November 2010 01:27, [email protected]
 wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/04/10 19:52, Kevin Ross wrote:
> > alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET
WEB_CLIENT
> > Possible Adobe Reader 9.4 this.printSeps Memory Corruption Attempt";
> > flow:established,to_client; content:"PDF-"; nocase; depth:300;
> > content:"this.printSeps"; nocase; distance:0; classtype:attempted-user;
> > reference:bid,44638; sid:1440001; rev:1;)
>
> Hi Kevin, as best as I can tell this issue (printSeps) is a DoS against
> Adobe;
> do we really want to create a sig on a client-side application DoS?  Do
you
> have
> any additional information?  Thanks
>
> > Regards, Kev
>
> - -evilghost
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQIcBAEBAgAGBQJM011wAAoJENgimYXu6xOHzVcP/jbxwVRvarGkVVv959CqFZf5
> 68Ril6IreuYuJxs9//0OkFFjQVjTqKtYC88HUN5N315a00gjnYCNGX/93u+yzLdY
> OJznBSqFwZU93E1AukF+nkhzZvBGmNdvECuIuxVuYunGfWvMRcDVSQKTpf3XGhye
> NE288ynclc7e4K3zB240G+Hz3gvp1FaHnS9MdS6Rfg98ohUk7ZBYgSQHQGqj/N9S
> dKDMqYhDL0Kp7JdiUIPR1kQ6vkRNESOnGI8CZNdtPYiUyF8zT3QOX85JOcTOAtST
> H/W8X1N/jQu/fm1rETa6QGRIFKj1a6ny5nYPJUuW6BOdIl5GW52OUa95d+KE+/DX
> uja9x0MO4x/cXdm3K6rvwmHX+cu19EGKm4tCP+nIYX5/vVM/VL8GWZo1ft1Q8/N/
> w72+p7LG/VS01lGzxr8cLts8bb2fJCbUPA8G9mmR0sedviOy48SEal25twVtQEkR
> a85xQ2f6mNFqcbQgFdctrxYb4JH6LihHwYTa5UtmBB1foi12wWii+0Kk5OiSwGvp
> cM1qsl4Ht/fGCyHDcMLlhjVVL33b2G66z0lBCdIMOH+F/XUaseuoJt2shw5wQNDD
> Y/76969Abilu6Uz0MgaPWYgvy6K431EHWQMF2ucWkB+iibKs4vpF7HEynjfTLTBQ
> Qx9YZYQmfjBLyvSSwkzJ
> =Vo8t
> -----END PGP SIGNATURE-----
>
>
 
CD: 4ms