Document Format
Workshop:
* Bypassing the Perimeter: Client Side Exploitation - Nitesh Dhanjani,
Billy K Rios
Talks :
* New advances in Office Malware analysis - Frank Boldewin
* PDF Penetration Document Format - Didier Stevens
* Ownage 2.0 - Saumil Shah (who else)
* Malicious PDF origamis strike back - Guillaume Delugré,
Frederic Raynal
***********************************************************************
--[ Introduction:
Following 3 paragraphs taken from the vendors' documentation:
Xpdf is an open source viewer for Portable Document Format (PDF)
files. (These are also sometimes also called 'Acrobat' files, from
the name of Adobe's PDF software.) The Xpdf project also includes a
PDF text extractor, PDF-to-PostScript converter, and various other
utilities.
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 08, 2008
I. BACKGROUND
Adobe Reader is a program for viewing Portable Document Format (PDF)
documents. Acrobat is the program used to create such documents. More
information is available at the following URLs.
http://www.adobe.com/products/acrobat/
http://www.adobe.com/products/reader/
I. BACKGROUND
---------------------
Adobe Acrobat is a family of computer programs developed by Adobe
Systems, designed to view, create, manipulate and manage files in
Adobe's Portable Document Format (PDF).
II. DESCRIPTION
---------------------
CVE-2009-1179 CVE-2009-1180 CVE-2009-1181
CVE-2009-1182 CVE-2009-1183
Debian Bug : 524809
Several vulnerabilities have been identified in xpdf, a suite of tools
for viewing and converting Portable Document Format (PDF) files.
The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2009-0146
I. BACKGROUND ---------------------
Adobe Acrobat is a family of computer programs developed by Adobe
Systems, designed to view, create, manipulate and manage files in
Adobe's Portable Document Format (PDF).
II. DESCRIPTION ---------------------
VUPEN Vulnerability Research Team discovered three critical
Debian bug : 551287
CVE ID : CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606
CVE-2009-3608 CVE-2009-3609
Several vulnerabilities have been identified in xpdf, a suite of tools for
viewing and converting Portable Document Format (PDF) files.
The Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-1188 and CVE-2009-3603
"An interpreter for the PostScript (TM) language, with the ability to
convert PostScript language files to many raster formats, view them
on displays, and print them on printers that don't have PostScript
language capability built in; An interpreter for Portable Document
Format (PDF) files, with the same abilities; ..."
Product Link:
http://www.ghostscript.com/Ghostscript.html
======================================================================
Mar 24, 2009
I. BACKGROUND
Adobe Acrobat Reader/Acrobat are programs for viewing and editing
Portable Document Format (PDF) documents. For more information, see the
vendor's site found at the following link.
http://www.adobe.com/products/reader/
http://www.adobe.com/products/acrobatpro/
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 13, 2011
I. BACKGROUND
Adobe Reader and Acrobat are portable document format (PDF) readers and
processors. For more information, please visit the following pages:
http://www.adobe.com/products/reader/
http://www.adobe.com/products/acrobat/
II. DESCRIPTION
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-1693
Kees Cook discovered a vulnerability in xpdf, a set of tools for
display and conversion of Portable Document Format (PDF) files. The
Common Vulnerabilities and Exposures project identifies the following
problem:
CVE-2008-1693
. 2009-10-26:
Core again requests additional information about the vulnerability and
Microsoft's plan to produce a fix. In particular Core requests
information about Microsoft's other products which are able to parse the
same document format, and may be affected by the vulnerability.
. 2009-11-04:
Core again requests a response to the questions formulated in the
previous communication.
> Microsoft Office is a suite containing several programs to
> handle Office documents like text documents or spreadsheets.
> The latest version uses an XML based document format.
> Microsoft Office allows documents to be digitally signed by
> authors using certified keys, allowing viewers to verify the
Oct 13, 2009
I. BACKGROUND
Adobe Acrobat Reader/Acrobat are programs for viewing and editing
Portable Document Format (PDF) documents. For more information, see the
vendor's site found at the following link.
http://www.adobe.com/products/reader/
http://www.adobe.com/products/acrobatpro/
(Note: This advisory can also be found at http://pdfsig-collision.florz.de/)
= Summary =
The specification of the Portable Document Format (PDF) from version
1.3 onward, including ISO 19005-1:2005 (PDF/A-1) and ISO 32000-1:2008
(equivalent to PDF 1.7), ostensibly defines a mechanism for digitally
signing a document's contents so as to integrate cryptographic
authentication of a document's contents into the existing container
format. A common use of this mechanism is for the creation of supposedly
Xpdf is prone to NULL pointer dereference attack.
Description:
Xpdf is an open-source viewer for Portable Document Format (PDF) files. Xpdf project also includes
a PDF text extractor, PDF-to-PostScript converter, and various other utilities. Xpdf runs under
the X Window System on UNIX, VMS, and OS/2. The non-X components (pdftops, pdftotext, etc.) also
run on Win32 systems and should run on pretty much any system with a decent C++ compiler.
Xpdf is designed to be small and efficient. It can use Type 1, TrueType, or standard X fonts.
Problem Description:
Multiple out-of heap-based buffer read flaws and invalid pointer
dereference flaws were found in the way file, utility for determining
of file types processed header section for certain Composite Document
Format (CDF) files. A remote attacker could provide a specially-crafted
CDF file, which once inspected by the file utility of the victim
would lead to file executable crash (CVE-2012-1571).
The updated packages for Mandriva Linux 2011 have been upgraded to
the 5.11 version and the packages for Mandriva Linux 2010.2 has been
CVE-2009-0166 CVE-2009-0799 CVE-2009-0800
CVE-2009-1179 CVE-2009-1180 CVE-2009-1181
CVE-2009-1182 CVE-2009-1183
Debian Bug : 524810
kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the
xpdf program and thus suffers from similar flaws to those described in
DSA-1790.
The Common Vulnerabilities and Exposures project identifies the
following problems:
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2007-4352 CVE-2007-5392 CVE-2007-5393
Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set
of tools for display and conversion of Portable Document Format (PDF) files.
The Common Vulnerabilities and Exposures project identifies the following
three problems:
CVE-2007-4352
Where: Remote
======================================================================
3) Vendor's Description of Software
"Xpdf is an open source viewer for Portable Document Format (PDF)
files. (These are also sometimes also called 'Acrobat' files, from the
name of Adobe's PDF software.) The Xpdf project also includes a PDF
text extractor, PDF-to-PostScript converter, and various other
utilities.".
Papers
======
Accepted speakers can optionally hand in a paper which will be
published with an ISBN in the 26C3 Proceedings. Papers will be
accepted in Portable Document Format (PDF) only and should be around
5-10 pages. The PDF file must not be password-protected or contain
other restrictions. Paper size should be DIN A4 (297x210mm) in
portrait orientation. All margins must be set to at least 2 cm (0.78
inches). Pictures should be high-contrasted, greyscaled and up to
300dpi. Apart from that, you are free to use any layout you want.
following considerations:
* The proposal may consist of a paper, or (alternatively) an Extended
Abstract plus a draft version of the slides to be used for the presentation.
* Proposals may be presented in English, Portuguese or Spanish.
* Proposals must be submitted in Portable Document Format (PDF)
* Submissions must be created directly using a word processing system
(scanned articles will not be accepted)
* Presentations may not be longer than 30 minutes.
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 08, 2008
I. BACKGROUND
Adobe Reader is a program for viewing Portable Document Format (PDF)
documents. More information is available at the following URLs.
http://www.adobe.com/products/reader/
II. DESCRIPTION
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 12, 2010
I. BACKGROUND
Adobe Reader and Acrobat are Portable Document Format (PDF) reader and
processors. For more information, please visit following pages:
http://www.adobe.com/products/reader/
http://www.adobe.com/products/acrobat/
operation_attr += self.attribute(0x48,
'attributes-natural-language', 'en-us')
operation_attr += self.attribute(0x45, 'printer-uri',
"http://%s:%s/printers/%s" % (self.host, self.port, self.printers))
operation_attr += self.attribute(0x42, 'job-name', 'foo barrrrrrrr')
operation_attr += self.attribute(0x42, 'document-format',
'application/vnd.hp-HPGL')
self.ipp_data = "\x01\x00" # version-number: 1.0
self.ipp_data += "\x00\x02" # operation-id: Print-job
self.ipp_data += "\x00\x00\x00\x01" # request-id: 1