Re[2]: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow

["Vladimir '3APA3A' Dubrovin" <3APA3A () SECURITY NNOV RU>]

Dear Eric C. Lukens,

US-CERT  note  TA09-051A  on this issue beeing exploited in-the-wild was
issued on February, 20.

http://www.us-cert.gov/cas/techalerts/TA09-051A.html

--Wednesday, March 25, 2009, 10:20:40 PM, you wrote to bugtraq () securityfocus com:

ECL> I noticed that as well, but suspected they were notified via more then
ECL> one mechanism or had already found the bug internally. I find it funny
ECL> that they had the final code ready on the 28th, but still didn't get it
ECL> out to the public for another 2 weeks.  I suppose they ran it through
ECL> one last QA procedure, or they just don't like to deliver things early.

ECL> -Eric

ECL> -------- Original Message  --------
ECL> Subject: Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary
ECL> Buffer Overflow
ECL> From: Florian Weimer <fw () deneb enyo de>
ECL> To: Secunia Research <remove-vuln () secunia com>
ECL> Cc: bugtraq () securityfocus com
ECL> Date: 3/25/09 11:42 AM
> > * Secunia Research:
> >
> >   
> > > ======================================================================
> > > 5) Solution 
> > >
> > > Update to version 7.1.1, 8.1.4, or 9.1.
> > >
> > > ======================================================================
> > > 6) Time Table 
> > >
> > > 06/03/2009 - Vendor notified.
> > > 07/03/2009 - Vendor response.
> > > 25/03/2009 - Public disclosure.
> > >     
> >
> > Something doesn't add up because the 9.1 binary I've got was created
> > on February 28th, according to Verisign's time stamping signature in
> > the Authenticode signature.
> >   



-- 
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/