file formats
RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. It cracks hashes with rainbow tables.
Version 1.4 of the RainbowCrack software is now available for download.
New features:
- New compact rainbow table file format (.rtc) reduces rainbow table size by 50% to 56.25%
- New rt2rtc utility converts rainbow tables from raw file format (.rt) to compact file format (.rtc)
- New rtc2rt utility converts rainbow tables from compact file format (.rtc) to raw file format (.rt)
- The rcrack/rcrack_cuda programs support both the .rt and .rtc rainbow table file formats
- Conversion from non-perfect to perfect rainbow table is supported by rt2rtc utility
handbook about security holes that also describes current
state-of-the-art exploitation techniques for different hardware
platforms and operating systems [6].
The vulnerabilities discovered are summarized below grouped by the type
of image file format that is parsed by the vulnerable component.
#1 - GIF image parsing heap overflow
The Graphics Interchange Format (GIF) is an image format dating at least
from 1989 [7]. It was popularized because GIF images can be compressed
Krakow Labs Development
4f: The File Format Fuzzing Framework
4f is a file format fuzzing framework. 4f uses modules which are
specifications of the targeted binary or text file format that tell it
how to fuzz the target application.
If 4f detects a crash, it will log crucial information important for
allowing the 4f user to reproduce the problem and also debugging
and business collaboration application developed by IBM to work as a
desktop client in conjunction with IBM’s Lotus Domino server application.
The email functionality of Lotus Notes supports previewing and processing
file attachments in various formats. To preview and process files in the
Lotus Worksheet File format (WKS) used by Lotus 1-2-3 the email client
uses a library from a third-party software vendor (Autonomy’s Verity
KeyView SDK). Several buffer overflow vulnerabilities were found in the
third-party library used by Lotus Notes to process Lotus 1-2-3 file
attachments.
Adobe Audition is a digital audio workstation software for Windows that
was originally developed by Syntrillium as Cool Edit Pro, and acquired
by Adobe in 2003. The software allows users to do multitrack audio mixing
and editing and supports storing of multitrack audio using a session
file format (.ses).
Adobe Audition is vulnerable to numerous buffer overflows while parsing
several fields inside the TRKM chunk in session (.ses) files. Then, a
memory corruption can be leveraged to execute arbitrary code on
vulnerable systems by enticing users to open specially crafted session
* Microsoft Excel 2010 SP 1 (64-bit editions)
* Microsoft Office 2010 and Microsoft Office 2010 SP 1 (64-bit editions)
* Microsoft Office 2004 for Mac
* Microsoft Office 2008 for Mac
* Microsoft Office for Mac 2011
* Open XML File Format Converter for Mac
* Microsoft Excel Viewer SP 2
* Microsoft Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats SP 2
* Excel Services
* Microsoft Excel Web App 2010 and Microsoft Excel Web App 2010 SP 1
Mathcad Security Vulnerability Briefing - CVE-2007-4600
Synopsis of Vulnerability
==========================
The ‘Protect Worksheet’ functionality, used to protect sections of Mathcad sheets from alterations, in versions 12 through 14 is easily bypassed, allowing access to the protected data due to the implementation of the file format used to save the files.
Background on Mathcad
======================
Mathcad (http://www.ptc.com/appserver/mkt/products/home.jsp?k=3901) is used to perform, document and share calculation and design work. The unique Mathcad visual format and scratchpad interface integrate standard mathematical notation, text and graphs in a single worksheet - making Mathcad ideal for knowledge capture, calculation reuse, and engineering collaboration.
- Microsoft Office Word 2007 Service Pack 2
- Microsoft Office Word 2007 Service Pack 1
- Microsoft Office Word 2002 Service Pack 3
- Microsoft Office for Mac 2004
- Microsoft Office for Mac 2008
- Open XML File Format Converter for Mac
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
2007 File Formats Service Pack 1 and Microsoft Office Compatibility
Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
> - Microsoft Office Word 2007 Service Pack 2
> - Microsoft Office Word 2007 Service Pack 1
> - Microsoft Office Word 2002 Service Pack 3
> - Microsoft Office for Mac 2004
> - Microsoft Office for Mac 2008
> - Open XML File Format Converter for Mac
> - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
> 2007 File Formats Service Pack 1 and Microsoft Office Compatibility
> Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Erm .. just for the record, according to Microsoft, NIST, Mitre and
- Microsoft Office Excel 2007 Service Pack 2
- Microsoft Office Excel 2003 Service Pack 3
- Microsoft Office Excel 2002 Service Pack 3
- Microsoft Office 2008 for Mac
- Microsoft Office 2004 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Excel Viewer 2003 Service Pack 3
- Microsoft Office Excel Viewer Service Pack 1
- Microsoft Office Excel Viewer Service Pack 2
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats Service Pack 1
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-2327
Drew Yao discovered that libTIFF, a library for handling the Tagged Image
File Format, is vulnerable to a programming error allowing malformed
tiff files to lead to a crash or execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 3.8.2-7+etch1.
This is followed by a series of zero or more function pointers to constructors
(or destructors), followed by a function pointer containing zero."
$ objdump --section=.ctors --headers /usr/lib/liblftp-tasks.so.0
/usr/lib/liblftp-tasks.so.0: file format elf32-i386
Sections:
Idx Name Size VMA LMA File off Algn
17 .ctors 00000040 00ddafc4 00ddafc4 00071fc4 2**2
CONTENTS, ALLOC, LOAD, DATA
Sep 17, 2007
I. BACKGROUND
OpenOffice is an open-source desktop office suite for many of today's
popular operating systems. Tagged Image File Format (TIFF) is a widely
supported image file format. More information about these technologies
is available from the following URLs.
http://www.openoffice.org/
The version used in our tests is XnView 1.97.4 running on Windows 2000
SP4. By enticing the user of XnView to open a specially crafted file, a
remote attacker may exploit this vulnerability to gain arbitrary code
execution.
The MBM file format (shortened from MultiBitMap) is a container for a
set of bitmap images. MBM files are used by most Symbian applications to
store their graphical content. MBM files can be created with the BMCONV
tool which is supplied with any Symbian (and EPOC) SDK.
Autodesk Maya [2] is a high-end 3D computer graphics and 3D modeling
software package.
Autodesk Maya offers so called "Script Nodes" as a way to program
animation behavior using MEL (Maya Embedded Language) and the Python
programming language. The Autodesk Maya file formats support embedding
of scripting code as part of a scene package. Programs embedded in Maya
files using scripting code are automatically executed upon opening of
the file. An attacker can take control of a system where Maya is
installed by sending a specially crafted scene package and enticing
the user to open it. The scripting code will run with the privileges
Products Confirmed Not Vulnerable
- ---------------------------------
The Cisco WebEx Player for the WebEx Advanced Recording Format (ARF)
file format is not affected by these vulnerabilities.
No other Cisco products are currently known to be affected by these
vulnerabilities.
Details
Stack-based buffer overflow in the read_1_3_textobject function in
f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject
function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier,
allows remote attackers to execute arbitrary code via a long string
in a malformed .fig file that uses the 1.3 file format. NOTE:
some of these details are obtained from third party information
(CVE-2009-4227).
Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier
allows remote attackers to cause a denial of service (application
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 11, 2007
I. BACKGROUND
Free Lossless Audio Codec (FLAC) is a popular file format for audio data
compression. AOL Corp.'s Winamp media player has support for the FLAC
format. More information about FLAC and Winamp is available at the
following URLs.
http://flac.sourceforge.net/
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 25, 2009
I. BACKGROUND
Autonomy KeyView SDK is a commercial SDK that provides many file format
parsing libraries. It supports a large number of different document
formats, one of which is the Microsoft Excel 97 (XLS) format. It is
used by several popular vendors for processing documents. For more
information, visit the URL referenced below.
Microsoft Office XP Service Pack 3 and older
Microsoft Office 2003 Service Pack 3 and older
2007 Microsoft Office System Service Pack 2 and older
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML file format converter for Mac
Microsoft Office Word Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Microsoft Works 9
Microsoft Office 2002 Service Pack 3
Microsoft Office 2008 for Mac
Microsoft Office 2004 for Mac
Microsoft Office Web Apps
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats Service Pack 2
Open XML File Format Converter for Mac
Microsoft Word Viewer
IV. Binary Analysis & Exploits/PoCs
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco WebEx Player for the WebEx Advanced Recording Format (ARF)
file format is not affected by the vulnerabilities described in this
document.
No other Cisco products are currently known to be affected by these
vulnerabilities.
. Microsoft Office 2003 Service Pack 3
. 2007 Microsoft Office System Service Pack 1
. 2007 Microsoft Office System Service Pack 2
. Microsoft Office 2008 for Mac
. Open XML File Format Converter for Mac
. Microsoft Office Excel Viewer Service Pack 1 and Microsoft Office
Excel Viewer Service Pack 2
. Microsoft Office Word Viewer
. PowerPoint Viewer 2007 Service Pack 1 and PowerPoint Viewer 2007
Service Pack 2
Multiple Vulnerabilities In .FLAC File Format and Various Media
Applications
Release Date:
November 15, 2007
Date Reported:
September 28, 2007 (Vendor Reporting Coordination Began With US-CERT)
Severity:
I. BACKGROUND
The Common UNIX Printing System, more commonly referred to as CUPS,
provides a standard printer interface for various Unix based operating
systems. "imagetops" is a part of CUPS responsible for creating
PostScript representations of different graphic file formats. For more
information, visit the vendor's website at the following URL.
http://www.cups.org/
II. DESCRIPTION
- Behavioral analysis will catch this?
No, the content is unreadable to the AV engine; as such, no inspection
whatsoever is possible.
- Evasions are the Cross Site scripting of File formats bugs
Yes.
IV. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~
libaccess_realrtsp plugin (CVE-2008-0296), possibly resulting in a
heap-based buffer overflow.
* Felipe Manzano and Anibal Sacco (Core Security Technologies)
discovered an arbitrary memory overwrite vulnerability in VLC's
MPEG-4 file format parser (CVE-2008-0984).
Impact
======
A remote attacker could send a long subtitle in a file that a user is
Attachment Service. This application is used to convert email
attachments into a format that is easily rendered on BlackBerry
devices. When a user requests an attachment on their BlackBerry device,
the Attachment Service will obtain the attachment, parse and convert it,
and then send it to the user for viewing. The Attachment Service is
capable of converting a variety of different file formats, including
PDF files. This vulnerability affects the PDF filter/distiller. For
more information, see the vendor's site found at the following link.
http://na.blackberry.com/eng/services/server/