[30687] in bugtraq


Re: [sec-labs] Adobe Acrobat Reader <=5.0.7 Buffer Overflow

daemon@ATHENA.MIT.EDU (sec-labs team)
Wed Jul 9 20:02:35 2003

Date: Wed, 9 Jul 2003 11:15:37 +0000
From: sec-labs team <team@sec-labs.hack.pl>
To: bugtraq@securityfocus.com
Message-Id: <20030709111537.5e70ffa0.team@sec-labs.hack.pl>
In-Reply-To: <3F09FEFA.9030102@snosoft.com>
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg="pgp-sha1"; boundary="=.1VBVCOqdN.lU)n"

--=.1VBVCOqdN.lU)n
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

We can easily reproduce this bug on versions 5.0.7 and 5.0.5 on Slackware
Linux with the Phoenix and Mozilla browsers. You can choose a Netscape- or
NCSA-compatible browser in the Adobe preferences, and the WWWLaunchNetscape and
WWWLaunchNCSA functions.

You should not have problems with this bug. It is quite simple to
reproduce. Just create a .pdf file with a long link, execute Adobe, open
this file, then attach to it using gdb, put a breakpoint on
WWWLaunchNetscape and click on the link. There is a loop in this function that
does something like this:

    /* copies until the NUL terminator, regardless of how much room dst has */
    while(*src != '\0')
        *dst++ = *src++;

As you can see there is no bounds checking.

best regards

-- 
sec-labs team [http://sec-labs.hack.pl]

--=.1VBVCOqdN.lU)n
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE/C/lbZ4yD+a7QMvgRAn2gAJ45wAFYEVBaKbMyN8yGL8e33p3u5wCfWzd5
GyCT5Vz+k4MpBeIpunUU+98=
=PA+o
-----END PGP SIGNATURE-----

--=.1VBVCOqdN.lU)n--
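As an added illustration that is not part of the sec-labs post or of Adobe's code: the unbounded copy loop quoted above beside a bounded replacement that reports how many bytes the source needs, so a caller can refuse a link that does not fit instead of overrunning the destination. The buffer size LINK_BUF_SIZE and the sample links are constructed for the example; the real internal buffer size in Acrobat Reader is not stated in the post.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size link buffer (constructed for this example). */
#define LINK_BUF_SIZE 64

/* The pattern the post describes: copies until NUL with no regard for how
 * much room dst has. Only safe once the caller has proven that
 * strlen(src) < capacity of dst. */
static void copy_unbounded(char *dst, const char *src)
{
    while (*src != '\0')
        *dst++ = *src++;
    *dst = '\0';
}

/* Bounded replacement: copies at most dstsz-1 bytes, always NUL-terminates,
 * and returns the number of bytes the full source needs (excluding the NUL),
 * so the caller detects truncation as (ret >= dstsz), as with snprintf. */
static size_t copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t needed = strlen(src);
    if (dstsz == 0)
        return needed;
    size_t n = needed < dstsz - 1 ? needed : dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return needed;
}

/* Policy check a launcher should apply before handing a link to a browser:
 * reject rather than truncate, since a truncated URL is a different URL. */
static int link_fits(const char *src, size_t dstsz)
{
    return dstsz > 0 && strlen(src) < dstsz;
}

int main(void)
{
    char buf[LINK_BUF_SIZE];

    /* Constructed sample links: one short, one longer than the buffer. */
    const char *short_link = "http://sec-labs.hack.pl/";
    char long_link[200];
    memset(long_link, 'A', sizeof long_link - 1);
    memcpy(long_link, "http://", 7);
    long_link[sizeof long_link - 1] = '\0';

    if (link_fits(short_link, sizeof buf)) {
        copy_unbounded(buf, short_link);   /* safe only after the check */
        printf("short link copied: %s\n", buf);
    }

    size_t need = copy_bounded(buf, sizeof buf, long_link);
    if (need >= sizeof buf)
        printf("long link rejected: needs %zu bytes, buffer holds %zu\n",
               need, sizeof buf - 1);
    return 0;
}
```

The return-value convention mirrors snprintf so that callers have a single comparison to detect an oversized input; a program that truncates silently avoids the memory corruption but may still launch the wrong URL, which is why link_fits rejects rather than trims.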
