[NT] Adobe PageMaker PMD File Processing Buffer Overflows

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Adobe PageMaker PMD File Processing Buffer Overflows


"Adobe PageMaker 7.0 <http://www.adobe.com/products/pagemaker/index.html>
software is the ideal page layout program for business, education, and
small- and home-office professionals who want to create high-quality
publications such as brochures and newsletters. Get started quickly with
templates, graphics, and intuitive design tools; work productively across
Adobe applications; and easily leverage existing content to create
customized communications."

Secunia Research has discovered two vulnerabilities in Adobe PageMaker,
which can be exploited by malicious people to compromise a user's system.


Vulnerable Systems:
* Adobe PageMaker version 7.0.1

The vulnerabilities are caused by boundary errors when processing
certain structures in a .PMD file. These can be exploited to cause
stack-based and heap-based buffer overflows via, for example, a .PMD
file with a specially crafted font structure.

Successful exploitation allows execution of arbitrary code.

The vendor will be releasing a fix for the stack-based buffer overflow
shortly and is working on a fix for the heap-based buffer overflow.

Time Table:
23/10/2007 - Vendor notified.
24/10/2007 - Vendor response.
26/10/2007 - Additional vulnerability reported to vendor.
26/10/2007 - Vendor response.
13/11/2007 - Vendor acknowledges vulnerabilities.
05/12/2007 - Status update requested.
06/12/2007 - Vendor response (working on getting resources for development
and testing).
21/01/2008 - Status update requested.
10/03/2008 - Status update requested.
12/03/2008 - Vendor response (new developer currently getting familiar
with the code).
30/05/2008 - Vendor provides fix for testing and informs of expected
release date on 10th June 2008.
02/06/2008 - Vendor asks for CVE identifier.
03/06/2008 - Vendor provided with CVE identifier and informed that only
one of the vulnerabilities has been fixed in the supplied patch.
04/06/2008 - Vendor response (more time needed to address second
04/07/2008 - Status update requested. Informed vendor that release date
now is set to end of October.
08/07/2008 - Vendor response (still trying to find resources to resolve
the vulnerabilities).
30/09/2008 - Vendor provides status update.
01/10/2008 - Vendor informed of fixed disclosure date (29/10/2008).
27/10/2008 - Vendor provides status update and requests CVE identifier for
the unpatched vulnerability.
28/10/2008 - Vendor provided with additional CVE identifier.
29/10/2008 - Public disclosure.

CVE Information:
CVE-2007-5394 and


The information has been provided by Secunia Research.
The original article can be found at:

