[NT] Adobe PageMaker PMD File Processing Buffer Overflows
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 2 Nov 2008 14:50:49 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Adobe PageMaker PMD File Processing Buffer Overflows
"Adobe PageMaker 7.0 <http://www.adobe.com/products/pagemaker/index.html>
software is the ideal page layout program for business, education, and
small- and home-office professionals who want to create high-quality
publications such as brochures and newsletters. Get started quickly with
templates, graphics, and intuitive design tools; work productively across
Adobe applications; and easily leverage existing content to create
customized communications."

Secunia Research has discovered two vulnerabilities in Adobe PageMaker,
which can be exploited by malicious people to compromise a user's system.
* Adobe PageMaker version 7.0.1
The vulnerabilities are caused by boundary errors when processing
certain structures in a .PMD file. These can be exploited to cause
stack-based and heap-based buffer overflows, for example via a .PMD file
with a specially crafted font structure.
Successful exploitation allows execution of arbitrary code.
The vendor will be releasing a fix for the stack-based buffer overflow
shortly and is working on a fix for the heap-based buffer overflow.
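The advisory attributes both overflows to missing boundary checks on structures read from the .PMD file. As an added illustration (not Adobe's code and not part of the Secunia advisory), the parser below checks every file-supplied length against both the destination and the remaining input before copying. The record layout, `parse_font_rec`, `rd_u16` and `FONT_NAME_MAX` are assumptions, since the advisory does not describe the real font structure.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed record layout for illustration only, NOT the real PMD format:
 *   u16 name_len | name bytes | u16 count | count x u32 metrics (little-endian) */
#define FONT_NAME_MAX 64
struct font_rec {
    char      name[FONT_NAME_MAX];  /* fixed-size destination */
    uint16_t  count;
    uint32_t *metrics;              /* heap destination sized from the file */
};

static int rd_u16(const uint8_t *p, size_t len, size_t *off, uint16_t *out)
{
    if (len - *off < 2) return -1;  /* off <= len always holds, so no wrap */
    *out = (uint16_t)(p[*off] | (p[*off + 1] << 8));
    *off += 2;
    return 0;
}

/* Returns 0 on success, -1 on any malformed or truncated record. */
int parse_font_rec(const uint8_t *buf, size_t len, struct font_rec *fr)
{
    size_t off = 0;
    uint16_t name_len, count;
    memset(fr, 0, sizeof *fr);
    if (rd_u16(buf, len, &off, &name_len)) return -1;
    /* Bound the length by the destination AND by the bytes actually present. */
    if (name_len >= FONT_NAME_MAX || name_len > len - off) return -1;
    memcpy(fr->name, buf + off, name_len);  /* memset above keeps it NUL-terminated */
    off += name_len;

    if (rd_u16(buf, len, &off, &count)) return -1;
    if ((size_t)count * 4 > len - off) return -1;  /* table longer than the input */
    fr->metrics = calloc(count ? count : 1, sizeof *fr->metrics);
    if (!fr->metrics) return -1;
    for (uint16_t i = 0; i < count; i++, off += 4)  /* same count sizes and fills */
        fr->metrics[i] = (uint32_t)buf[off] | (uint32_t)buf[off + 1] << 8 |
                         (uint32_t)buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
    fr->count = count;
    return 0;
}

int main(void)
{
    static const uint8_t sample[] = {5,0,'A','r','i','a','l', 1,0, 7,0,0,0}; /* constructed */
    struct font_rec fr;
    return parse_font_rec(sample, sizeof sample, &fr);
}
```

The two rejections that matter are the name length checked against `FONT_NAME_MAX` (the fixed-buffer case) and the entry count checked against the remaining input before the heap table is filled.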
23/10/2007 - Vendor notified.
24/10/2007 - Vendor response.
26/10/2007 - Additional vulnerability reported to vendor.
26/10/2007 - Vendor response.
13/11/2007 - Vendor acknowledges vulnerabilities.
05/12/2007 - Status update requested.
06/12/2007 - Vendor response (working on getting resources for development
21/01/2008 - Status update requested.
10/03/2008 - Status update requested.
12/03/2008 - Vendor response (new developer currently getting familiar
with the code).
30/05/2008 - Vendor provides fix for testing and informs of expected
release date on 10th June 2008.
02/06/2008 - Vendor asks for CVE identifier.
03/06/2008 - Vendor provided with CVE identifier and informed that only
one of the vulnerabilities has been fixed in the supplied patch.
04/06/2008 - Vendor response (more time needed to address second
04/07/2008 - Status update requested. Informed vendor that release date
now is set to end of October.
08/07/2008 - Vendor response (still trying to find resources to resolve
30/09/2008 - Vendor provides status update.
01/10/2008 - Vendor informed of fixed disclosure date (29/10/2008).
27/10/2008 - Vendor provides status update and requests CVE identifier for
the unpatched vulnerability.
28/10/2008 - Vendor provided with additional CVE identifier.
29/10/2008 - Public disclosure.
The information has been provided by Secunia Research.
The original article can be found at: