RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. It cracks hashes with rainbow tables.
Version 1.4 of the RainbowCrack software is now available for download.
New features:
- New compact rainbow table file format (.rtc) reduces rainbow table size by 50% to 56.25%
- New rt2rtc utility converts rainbow tables from the raw file format (.rt) to the compact file format (.rtc)
- New rtc2rt utility converts rainbow tables from the compact file format (.rtc) to the raw file format (.rt)
- The rcrack/rcrack_cuda programs support both the .rt and .rtc rainbow table file formats
- Conversion from non-perfect to perfect rainbow tables is supported by the rt2rtc utility
handbook about security holes that also describes current
state-of-the-art exploitation techniques for different hardware
platforms and operating systems [6].
The vulnerabilities discovered are summarized below grouped by the type
of image file format that is parsed by the vulnerable component.
#1 - GIF image parsing heap overflow
The Graphics Interchange Format (GIF) is an image format dating at least
from 1989 [7]. It was popularized because GIF images can be compressed
Adobe Audition is a digital audio workstation software for Windows that
was originally developed by Syntrillium as Cool Edit Pro, and acquired
by Adobe in 2003. The software allows users to do multitrack audio mixing
and editing and supports storing multitrack audio using a session
file format (.ses).
Adobe Audition is vulnerable to numerous buffer overflows while parsing
several fields inside the TRKM chunk of session (.ses) files. The resulting
memory corruption can be leveraged to execute arbitrary code on
vulnerable systems by enticing users to open specially crafted session
Krakow Labs Development
4f: The File Format Fuzzing Framework
4f is a file format fuzzing framework. 4f uses modules which are
specifications of the targeted binary or text file format that tell it
how to fuzz the target application.
If 4f detects a crash, it will log crucial information that allows
the 4f user to reproduce the problem and also helps with debugging
Quit anyway? (y or n) y
pi3-darkstar new # file test_dump.bin
test_dump.bin: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped
pi3-darkstar new # objdump -T ./test_dump.bin
./test_dump.bin: file format elf32-i386
DYNAMIC SYMBOL TABLE:
ffffe414 g DF .text 00000014 LINUX_2.5 __kernel_vsyscall
00000000 g DO *ABS* 00000000 LINUX_2.5 LINUX_2.5
ffffe40c g DF .text 00000008 LINUX_2.5 __kernel_rt_sigreturn
and business collaboration application developed by IBM to work as a
desktop client in conjunction with IBM’s Lotus Domino server application.
The email functionality of Lotus Notes supports previewing and processing
file attachments in various formats. To preview and process files in the
Lotus Worksheet File format (WKS) used by Lotus 1-2-3 the email client
uses a library from a third-party software vendor (Autonomy’s Verity
KeyView SDK). Several buffer overflow vulnerabilities were found in the
third-party library used by Lotus Notes to process Lotus 1-2-3 file
attachments.
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-2327
Drew Yao discovered that libTIFF, a library for handling the Tagged Image
File Format, is vulnerable to a programming error allowing malformed
tiff files to lead to a crash or execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 3.8.2-7+etch1.
Sep 17, 2007
I. BACKGROUND
OpenOffice is an open-source desktop office suite for many of today's
popular operating systems. Tagged Image File Format (TIFF) is a widely
supported image file format. More information about these technologies
is available from the following URLs.
http://www.openoffice.org/
Multiple Vulnerabilities In .FLAC File Format and Various Media
Applications
Release Date:
November 15, 2007
Date Reported:
September 28, 2007 (Vendor Reporting Coordination Began With US-CERT)
Severity:
Stack-based buffer overflow in the read_1_3_textobject function in
f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject
function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier,
allows remote attackers to execute arbitrary code via a long string
in a malformed .fig file that uses the 1.3 file format. NOTE:
some of these details are obtained from third party information
(CVE-2009-4227).
Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier
allows remote attackers to cause a denial of service (application
This is followed by a series of zero or more function pointers to constructors
(or destructors), followed by a function pointer containing zero."
$ objdump --section=.ctors --headers /usr/lib/liblftp-tasks.so.0
/usr/lib/liblftp-tasks.so.0: file format elf32-i386
Sections:
Idx Name Size VMA LMA File off Algn
17 .ctors 00000040 00ddafc4 00ddafc4 00071fc4 2**2
CONTENTS, ALLOC, LOAD, DATA
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 11, 2007
I. BACKGROUND
Free Lossless Audio Codec (FLAC) is a popular file format for audio data
compression. AOL Corp.'s Winamp media player has support for the FLAC
format. More information about FLAC and Winamp is available at the
following URLs.
http://flac.sourceforge.net/
Mathcad Security Vulnerability Briefing - CVE-2007-4600
Synopsis of Vulnerability
==========================
The ‘Protect Worksheet’ functionality, used to protect sections of Mathcad sheets from alteration, is easily bypassed in versions 12 through 14, allowing access to the protected data, because of the way the file format used to save the files is implemented.
Background on Mathcad
======================
Mathcad (http://www.ptc.com/appserver/mkt/products/home.jsp?k=3901) is used to perform, document and share calculation and design work. The unique Mathcad visual format and scratchpad interface integrate standard mathematical notation, text and graphs in a single worksheet - making Mathcad ideal for knowledge capture, calculation reuse, and engineering collaboration.
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco WebEx Player for the WebEx Advanced Recording Format (ARF)
file format is not affected by the vulnerabilities described in this
document.
No other Cisco products are currently known to be affected by these
vulnerabilities.
The version used in our tests is XnView 1.97.4 running on Windows 2000
SP4. By enticing the user of XnView to open a specially crafted file, a
remote attacker may exploit this vulnerability to gain arbitrary code
execution.
The MBM file format (shortened from MultiBitMap) is a container for a
set of bitmap images. MBM files are used by most Symbian applications to
store their graphical content. MBM files can be created with the BMCONV
tool which is supplied with any Symbian (and EPOC) SDK.
Products Confirmed Not Vulnerable
---------------------------------
The Cisco WebEx Player for the WebEx Advanced Recording Format (ARF)
file format is not affected by these vulnerabilities.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
vulnerable installations of the Adobe Shockwave Player. User interaction
is required to exploit this vulnerability in that the target must visit
a malicious page or open a malicious file.
The specific flaw exists within the Lnam chunk inside Adobe's RIFF-based
Director file format. The code within the IML32.dll does not properly
validate certain fields before using them to calculate sizes used for
later memory copy operations. This can lead to memory corruption which
can be leveraged to execute arbitrary code under the context of the user
running the browser.
Note that if wmic's not available on a target, railgun'll now be used
with GetLogicalDrives(), GetDriveTypeN() and GetVolumeInformationW().
A switch can be activated to always use railgun, even if wmic's
available on the targets. Adobe FlateDecode Stream Predictor 02
Integer Overflow was also added to the list of FileFormat attacks.
With the original Metasploit framework, usbsploit.rb can be used with
all options but also now the independent autorun_usbsploit.rb,
dump_usbsploit.rb and replace_usbsploit.rb meterpreter scripts.
dump_usbsploit.rb has an option to protect the dumped files from being
attackers to execute arbitrary code or cause a Denial of Service.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Affected packages
=================
Anibal Sacco from Core Security Technologies.
*Technical Description / Proof of Concept Code*
First, some information from the QuickTime File Format Specification (May 1996):
"A QuickTime file stores the description of the media separately from
the media data. The description, or meta-data, is called the movie and
contains information such as the number of tracks, video compression
format, and timing information. The movie also contains an index of
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 17, 2009
I. BACKGROUND
Autonomy KeyView SDK is a commercial SDK that provides many file format
parsing libraries. It supports a large number of different document
formats, one of which is the Word Perfect Document (WPD) format. It is
used by several popular vendors for processing documents. For more
information, visit the URL below.
Debian-specific: no
CVE Id(s) : CVE-2009-2285 CVE-2009-2347
Debian Bug : 534137
Several vulnerabilities have been discovered in the library for the
Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-2285
It was discovered that malformed TIFF images can lead to a crash
---------------------------
Microsoft Office 2008 for Mac
Microsoft Office 2004 for Mac
Microsoft Office XP Service Pack 3
Open XML File Format Converter for Mac
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
Problem Description:
Multiple vulnerabilities have been found and corrected in imagemagick:
A flaw was found in the way ImageMagick processed images with malformed
Exchangeable image file format (Exif) metadata. An attacker could
create a specially-crafted image file that, when opened by a victim,
would cause ImageMagick to crash or, potentially, execute arbitrary
code (CVE-2012-0247).
A denial of service flaw was found in the way ImageMagick processed
* Whether you need visa to enter Brazil or not
Speakers will be allocated 50 minutes of presentation time, although, if
needed, we can extend the presentation length if requested in advance.
The preferred file format for papers and slides is PDF; PPT is also
accepted for slides.
Speakers are asked to hand in slides used in their lectures.
PLEASE NOTE: Bear in mind no sales pitches will be allowed. If your
Jun 21, 2010
I. BACKGROUND
libTIFF is a free and popular image library that provides support for
displaying and manipulating Tag Image File Format (TIFF) image data.
This library is used by numerous applications and is included in
various vendor operating system distributions. For more information,
see the vendor's site found at the following link:
http://www.libtiff.org
vulnerable installations of the Adobe Shockwave Player. User interaction
is required to exploit this vulnerability in that the target must visit
a malicious page or open a malicious file.
The specific flaw exists within the DEMX chunk inside Adobe's RIFF-based
Director file format. The code within the Shockwave 3d Asset.x32 module
does not properly check a size value used for a loop counter, which will
cause heap memory to be overwritten. This can lead to memory corruption
which can be leveraged to execute arbitrary code under the context of
the user running the browser.
ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-040
-- CVE ID:
CVE-2008-1444
-- Affected Vendors:
Microsoft
I. BACKGROUND
Microsoft Office is a suite of products used for document, spreadsheet,
and presentation creation and viewing. Office Drawing Format is a
binary file format developed by Microsoft. It is used by all Office
programs to represent information about different types of shapes and
drawings commonly used in Office applications. For more information see
the vendor's website.
http://office.microsoft.com/
methods, via a class based API. For more information on GDI+, please
visit the following URL.
http://msdn2.microsoft.com/en-us/library/ms533798.aspx
Tagged Image File Format (TIFF) is a container format for storing
images. For more information about TIFF, please visit the following URL.
http://partners.adobe.com/public/developer/tiff/index.html
II. DESCRIPTION