Dailydave mailing list archives
Re: JBIG falls without JavaScript
From: Pusscat <pusscat () metasploit com>
Date: Tue, 3 Mar 2009 15:15:43 -0500
Can't say I didn't see this one coming. Nice work! Every time someone suggested that protection was as simple as turning off javascript, I'd cringe. The one in the wild was pretty simple, and not very reliable at all. The reliability issue was with the return address write though, not the spray.

On Tue, Mar 3, 2009 at 2:06 PM, dave <dave () immunityinc com> wrote:
Downloadable here, for those of you with CANVAS Early Update Subscriptions:
http://www.immunityinc.com/ceu-index.shtml

So things like this are harder than they look - Pablo and Kostya had to work quite a bit on reliability every step of the way. But the Acrobat JBIG exploit now works nicely without any JavaScript heap spray.

For those of you with the exploit that was caught in the wild, how reliable is that one? What versions of Acrobat Reader does it work on?

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
