======================================================================
Secunia Research 08/01/2010
- Adobe Illustrator Encapsulated Postscript Parsing Vulnerability -
======================================================================
Table of Contents
Affected Software
Unixwiz.net Tech Tip:
An Illustrated Guide to the Kaminsky DNS Vulnerability
http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
Steve (who's totally burned out on Adobe Illustrator now)
--
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve@unixwiz.net
Description:
DynPG is used to upload and manage dynamic web content similar to other content management systems.
However, DynPG differs from other CMSs because it is embedded directly into websites.
The software was originally developed to realize designs that are created with Adobe Photoshop, Adobe Fireworks, Adobe Illustrator or any other graphics software.
The layout is created with an editor like Adobe Dreamweaver or Adobe GoLive or even as simple code.
After that, code snippets are placed at the points where dynamically generated content (such as articles, galleries, blogs or other dynamic content) is to be generated.
It provides a convenient way to extend existing websites with dynamic content. DynPG provides a template engine, but also supports existing CSS layouts.
########################################################
<?php
/*
Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps)
overlong DSC Comment Buffer Overflow Exploit
by Nine:Situations:Group::pyrokinesis
site: http://retrogod.altervista.org/
An overlong string as DSC comment (more than 42000 bytes)
results in a direct EIP overwrite.
Exception is first-chance so the program will never crash.
/*
Exploit Title: Adobe Illustrator CS4 DLL Hijacking Exploit (aires.dll)
Date: August 25, 2010
Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)
Version: CS4 v14.0.0
Tested on: Windows 7 x64 Ultimate
Vulnerable extensions: .ait .eps
Greetz: Astalavista, OffSEC, Exploit-DB
Note: Create folders system\enu_us and put aires.dll
*/