Dailydave mailing list archives

JBIG falls without JavaScript

From: dave <dave () immunityinc com>
Date: Tue, 03 Mar 2009 14:06:40 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Downloadable here, for those of you with CANVAS Early Update Subscriptions:
http://www.immunityinc.com/ceu-index.shtml

So things like this are harder than they look - Pablo and Kostya had to
work quite a bit on reliability every step of the way. But the Acrobat
JBIG exploit now works nicely without any JavaScript heap spray.

For those of you with the exploit that was caught in the wild, how
reliable is that one? What versions of Acrobat Reader does it work on?

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmtf8AACgkQtehAhL0gheoN+ACfcEPl1ADGcc9ouGVhgeR46qFe
dl8AniOrku/5H/WfNMug95zN4LwS7XIt
=CE+o
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

JBIG falls without JavaScript dave (Mar 03)
- Re: JBIG falls without JavaScript Pusscat (Mar 03)
- Re: JBIG falls without JavaScript Thorsten Holz (Mar 06)
  - Re: JBIG falls without JavaScript dave (Mar 06)