Portable Document Format

[TZO-30-2009] Kaspersky and the silent patch that wasn't (PDF evasion, forced full disclosure)

________________________________________________________________________

                    From the facepalm department
              Kaspersky and the silent fix that wasn't
                            PDF Evasion
________________________________________________________________________

Release mode: Forced disclosure
Ref         : [TZO-30-2009] - Kaspersky PDF evasion (Forced disclosure)
WWW         : http://blog.zoller.lu/2009/05/advisory-kaspersky-generic-pdf-evasion.html

Collisions in PDF signatures

(Note: This advisory can also be found at http://pdfsig-collision.florz.de/)

= Summary =

The specification of the Portable Document Format (PDF) from version
1.3 onward, including ISO 19005-1:2005 (PDF/A-1) and ISO 32000-1:2008
(equivalent to PDF 1.7), ostensibly defines a mechanism for digitally
signing a document's contents so as to integrate cryptographic
authentication of a document's contents into the existing container

[ MDVSA-2011:175 ] poppler

 Multiple security vulnerabilities have been discovered and corrected
 in poppler:
 
 An out-of-bounds reading flaw in the JBIG2 decoder allows remote
 attackers to cause a denial of service (crash) via a crafted PDF file
 (CVE-2009-0799).
 
 Multiple input validation flaws in the JBIG2 decoder allow
 remote attackers to execute arbitrary code via a crafted PDF file
 (CVE-2009-0800).

Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)

CVE Name: CVE-2009-0836, CVE-2009-0837


3. *Vulnerability Description*

Foxit Reader is a lightweight, free PDF document viewer and printer. PDF
files may include actions (i.e., 'Go to a page view', 'Open/Execute a
file', 'Open a web link', 'Execute a menu item') associated with
different triggers (i.e., 'Mouse Up', 'Mouse Down', 'Page Visible',
'Page Invisible'). The way Foxit Reader handles an 'Open/Execute a file'
action makes the software victim of two kinds of vulnerabilities:

[ MDVSA-2010:055 ] poppler

 _______________________________________________________________________

 Problem Description:

 An out-of-bounds reading flaw in the JBIG2 decoder allows remote
 attackers to cause a denial of service (crash) via a crafted PDF file
 (CVE-2009-0799).
 
 Multiple input validation flaws in the JBIG2 decoder allow
 remote attackers to execute arbitrary code via a crafted PDF file
 (CVE-2009-0800).

RE: Millions of PDF invisibly embedded with your internal disk paths

Knowing the path of the home directory of an unknown host has little, if any, value.  Even if you know the host, you would have to get the user to run code interactively to leverage this "privacy issue" in addition to ensuring that the interactive user was indeed the same user that created the PDF doc.  And that code would have to be written specifically for that particular host/user, which is inefficient (barring network based home directory settings).  Any time I've needed local user path for proof-of-concept code, I simply parse the HOMEPATH environmental variable to ensure the code runs properly and that it can be easily applied to any host.

t

-----Original Message-----
From: Inferno [mailto:inferno@securethoughts.com] 
Sent: Monday, November 23, 2009 7:46 AM
To: bugtraq@securityfocus.com
Subject: Millions of PDF invisibly embedded with your internal disk paths


[ MDVSA-2010:087 ] poppler

 Problem Description:

 Multiple vulnerabilities have been found and corrected in poppler:
 
 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
 and earlier allow remote attackers to cause a denial of service
 (crash) via a crafted PDF file, related to (1) setBitmap and (2)
 readSymbolDictSeg (CVE-2009-0146).
 
 Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and

iDefense Security Advisory 01.13.09: RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'symWidths' Heap Overflow Vulnerability

attachments into a format that is easily rendered on BlackBerry
devices. When a user requests an attachment on their BlackBerry device,
the Attachment Service will obtain the attachment, parse and convert it,
and then send it to the user for viewing. The Attachment Service is
capable of converting a variety of different file formats, including
PDF files. This vulnerability affects the PDF filter/distiller. For
more information, see the vendor's site found at the following link.

http://na.blackberry.com/eng/services/server/

II. DESCRIPTION

[SECURITY] [DSA 1793-1] New kdegraphics packages fix multiple vulnerabilities

                 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800
                 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181
                 CVE-2009-1182 CVE-2009-1183
Debian Bug     : 524810

kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the
xpdf program and thus suffers from similar flaws to those described in
DSA-1790.

The Common Vulnerabilities and Exposures project identifies the
following problems:

[SECURITY] [DSA 1790-1] New xpdf packages fix multiple vulnerabilities

Debian Security Advisory DSA-1790-1                  security@debian.org
http://www.debian.org/security/                           Noah Meyerhans
May 05, 2009                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : xpdf
Vulnerability  : multiple
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2009-0146 CVE-2009-0147 CVE-2009-0165
                 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800

[ MDVSA-2009:282 ] cups

 _______________________________________________________________________

 Problem Description:

 Multiple integer overflows in the JBIG2 decoder in
 Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
 other products allow remote attackers to cause a denial
 of service (crash) via a crafted PDF file, related to (1)
 JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
 and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
 

iDefense Security Advisory 01.13.09: RIM BlackBerry Enterprise Server Attachment Service PDF Distiller 'bitmaps' Heap Overflow Vulnerability

attachments into a format that is easily rendered on BlackBerry
devices. When a user requests an attachment on their BlackBerry device,
the Attachment Service will obtain the attachment, parse and convert it,
and then send it to the user for viewing. The Attachment Service is
capable of converting a variety of different file formats, including
PDF files. This vulnerability affects the PDF filter/distiller. For
more information, see the vendor's site found at the following link.

http://na.blackberry.com/eng/services/server/

II. DESCRIPTION

Millions of PDF invisibly embedded with your internal disk paths

Millions of PDF invisibly embedded with your internal disk paths
----------------------------------------------------------------

I found an interesting privacy issue while analyzing PDF files. This bug
occurs when you are using Internet Explorer to print locally saved web pages
as PDF and affects all IE versions including IE8. It does not matter which
PDF generation software you are using like Adobe Acrobat Professional,
CutePDF, PrimoPDF, etc as long as you are invoking it from inside the IE
print function. In Windows, even when your default browser is not IE and if
you right click a file to select the PRINT from the context menu, then by

[ MDVSA-2009:283 ] cups

 _______________________________________________________________________

 Problem Description:

 Multiple integer overflows in the JBIG2 decoder in
 Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
 other products allow remote attackers to cause a denial
 of service (crash) via a crafted PDF file, related to (1)
 JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
 and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
 

Re: 0day: PDF pwns Windows

issue is brand new.

On 9/21/07, Antivirus Taneja <taneja.security@gmail.com> wrote:
> Hi,
>
> Too interesting and dangerous....Last couple of months there were PDF
> spamming (Stocks Information)  all over the internet..I analyzed those PDF I
> didn't find any such thing....Did you check them? Are they related to any
> vulnerability?
>
> Regards,

iDefense Security Advisory 01.13.09: RIM BlackBerry Enterprise Server Attachment Service PDF Distiller Uninitialized Memory Vulnerability

attachments into a format that is easily rendered on BlackBerry
devices. When a user requests an attachment on their BlackBerry device,
the Attachment Service will obtain the attachment, parse and convert it,
and then send it to the user for viewing. The Attachment Service is
capable of converting a variety of different file formats, including
PDF files. This vulnerability affects the PDF filter/distiller. For
more information, see the vendor's site found at the following link.

http://na.blackberry.com/eng/services/server/

II. DESCRIPTION

[ MDVSA-2009:282-1 ] cups

 _______________________________________________________________________

 Problem Description:

 Multiple integer overflows in the JBIG2 decoder in
 Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
 other products allow remote attackers to cause a denial
 of service (crash) via a crafted PDF file, related to (1)
 JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
 and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
 

Re: 0day: PDF pwns Windows

really :).. which one... the one from last year?

On 9/20/07, Aditya K Sood <zeroknock@secniche.org> wrote:
> pdp (architect) wrote:
> > http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
> >
> > I am closing the season with the following HIGH Risk vulnerability:
> > Adobe Acrobat/Reader PDF documents can be used to compromise your
> > Windows box. Completely!!! Invisibly and unwillingly!!! All it takes
> > is to open a PDF document or stumble across a page which embeds one.

iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Jan 12, 2010

I. BACKGROUND

Adobe Reader and Acrobat are Portable Document Format (PDF) reader and
processors. For more information, please visit following pages:

http://www.adobe.com/products/reader/
http://www.adobe.com/products/acrobat/


Re: 0day: PDF pwns Windows

pdp (architect) wrote:
> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
>
> I am closing the season with the following HIGH Risk vulnerability:
> Adobe Acrobat/Reader PDF documents can be used to compromise your
> Windows box. Completely!!! Invisibly and unwillingly!!! All it takes
> is to open a PDF document or stumble across a page which embeds one.
>
> The issue is quite critical given the fact that PDF documents are in
> the core of today's modern business. This and the fact that it may

Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference.

Name:                      Xpdf - Integer overflow which causes heap overflow and NULL pointer dereference
Author:                    Adam Zabrocki / HISPASEC (<pi3@itsec.pl> or <adam@hispasec.com>)
Date:                      July 06, 2009


   Issue:

Xpdf allows local and remote attackers to overflow a buffer on the heap via an integer overflow vulnerability.
Xpdf is prone to a NULL pointer dereference attack.


[G-SEC 47-2009] Symantec generic PDF detection bypass

________________________________________________________________________

             Symantec multiple products - Generic PDF bypass
________________________________________________________________________

***********************************************************************
Cheap plug :
Speaking of PDF - If you are interested in client-side vulnerabilities
visit HACK.LU starting tomorrow [28-30 Oct] with :


[ MDVSA-2009:101 ] xpdf

 Mandriva Linux Security Advisory                         MDVSA-2009:101
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : xpdf
 Date    : April 28, 2009
 Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

iDefense Security Advisory 06.11.09: Adobe Reader and Acrobat FlateDecode Integer Overflow Vulnerability

Jun 09, 2009

I. BACKGROUND

Adobe Acrobat Reader/Acrobat are programs for viewing and editing
Portable Document Format (PDF) documents. For more information, see the
vendor's site found at the following link.

http://www.adobe.com/products/reader/
http://www.adobe.com/products/acrobatpro/


Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities

====================================================================== 

                     Secunia Research 07/11/2007

             - Xpdf "Stream.cc" Multiple Vulnerabilities -

====================================================================== 
Table of Contents

Affected Software

RE: Millions of PDF invisibly embedded with your internal disk paths

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com] 
Sent: 03 December 2009 22:27
To: bugtraq@securityfocus.com
Subject: RE: Millions of PDF invisibly embedded with your internal disk
paths

(Fixing rejected post)

Meh.   I replied to something similar off-list.

[G-SEC 48-2009] F-SECURE - Generic PDF detection bypass

________________________________________________________________________

          F-SECURE multiple products - Generic PDF detection bypass
________________________________________________________________________

***********************************************************************
Cheap plug :
If you are interested in client-side vulnerabilities visit HACK.LU 
starting tomorrow [28-30 Oct] with :


[G-SEC 49-2009] McAfee generic PDF detection bypass

________________________________________________________________________

          McAfee multiple products - Generic PDF detection bypass
________________________________________________________________________

***********************************************************************
Cheap plug :
If you are interested in client side vulnerabilities visit HACK.LU 
starting tomorrow 28-30 Oct with :


[SECURITY] [DSA 2028-1] New xpdf packages fix several vulnerabilities

Debian Security Advisory DSA-2028-1                    security@debian.org
http://www.debian.org/security/                              Luciano Bello
April 5th, 2010                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : xpdf
Vulnerability  : multiple
Problem type   : local (remote)
Debian-specific: no
Debian bug     : 551287
CVE ID         : CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606

RE: Millions of PDF invisibly embedded with your internal disk paths

(Fixing rejected post)

Meh.   I replied to something similar off-list.

"Leaking" a pdf with 'e:\nethome\joe_kitten_lover' doesn't remotely "prove" anything.  If I create a user called MayIMommaDogFaceToTheBannanPatch and "leaked" a pdf, it doesn't mean Steve Martin was culpable.  This is a non-issue, no matter how much you might want to create some fanciful "bonsai kitten" theory to get Joe in trouble, dawg.

t


From: WebDawg [mailto:webdawg@gmail.com] 
