5 Nov 10:21
Re: SIG: ET WEB_CLIENT Possible Adobe Reader 9.4 this.printSeps Memory Corruption Attempt
Hey. Apparantly it is only a DOS but there was another memory corruption where initially it was a DOS but actually did cause code execution with a bit of work. I am playing it safe, possibly could be in current_events until we can see how it goes? Go to extraexploit.blogspot.com for more info (though not much)
Kev
On 5 November 2010 01:27, evilghost-TKskQ8pOXrd9pMjJd8zWoA@public.gmane.org <evilghost-TKskQ8pOXrd9pMjJd8zWoA@public.gmane.org> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1Hi Kevin, as best as I can tell this issue (printSeps) is a DoS against Adobe;
On 11/04/10 19:52, Kevin Ross wrote:
> alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT
> Possible Adobe Reader 9.4 this.printSeps Memory Corruption Attempt";
> flow:established,to_client; content:"PDF-"; nocase; depth:300;
> content:"this.printSeps"; nocase; distance:0; classtype:attempted-user;
> reference:bid,44638; sid:1440001; rev:1;)
do we really want to create a sig on a client-side application DoS? Do you have
any additional information? Thanks
> Regards, Kev
- -evilghost
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBAgAGBQJM011wAAoJENgimYXu6xOHzVcP/jbxwVRvarGkVVv959CqFZf5
68Ril6IreuYuJxs9//0OkFFjQVjTqKtYC88HUN5N315a00gjnYCNGX/93u+yzLdY
OJznBSqFwZU93E1AukF+nkhzZvBGmNdvECuIuxVuYunGfWvMRcDVSQKTpf3XGhye
NE288ynclc7e4K3zB240G+Hz3gvp1FaHnS9MdS6Rfg98ohUk7ZBYgSQHQGqj/N9S
dKDMqYhDL0Kp7JdiUIPR1kQ6vkRNESOnGI8CZNdtPYiUyF8zT3QOX85JOcTOAtST
H/W8X1N/jQu/fm1rETa6QGRIFKj1a6ny5nYPJUuW6BOdIl5GW52OUa95d+KE+/DX
uja9x0MO4x/cXdm3K6rvwmHX+cu19EGKm4tCP+nIYX5/vVM/VL8GWZo1ft1Q8/N/
w72+p7LG/VS01lGzxr8cLts8bb2fJCbUPA8G9mmR0sedviOy48SEal25twVtQEkR
a85xQ2f6mNFqcbQgFdctrxYb4JH6LihHwYTa5UtmBB1foi12wWii+0Kk5OiSwGvp
cM1qsl4Ht/fGCyHDcMLlhjVVL33b2G66z0lBCdIMOH+F/XUaseuoJt2shw5wQNDD
Y/76969Abilu6Uz0MgaPWYgvy6K431EHWQMF2ucWkB+iibKs4vpF7HEynjfTLTBQ
Qx9YZYQmfjBLyvSSwkzJ
=Vo8t
-----END PGP SIGNATURE-----
RSS Feed