PDF sploits in the wild
Posted on 2009-07-23 21:37:04 in PornoSecurity
Just a couple of minutes ago I was taking my daily dose of interweb when I stumbled upon the xorl blog, which linked this pdf that was linked by hdmoore from a live malware site. I googled a bit to find the live site and I found it. Xorl stated that it seems to be CVE-2009-1856, an integer overflow that iDefense said could result in a heap buffer being overflowed. It could be, yes, but actually if you load this PDF you'll get a stack overflow and a wonderful SEH overwrite:
I'm not saying that it's not CVE-2009-1856 and I don't have the time to take a closer look at the vuln right now (actually I'm going to go get drunk :). It smashes the stack, yes, but the root cause could be an overly long heap buffer copied (it's a strcat) onto the stack. You may wonder what's the sexy thing in here... well, take a look at the pdf :)
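The bug class the post speculates about (an unbounded strcat of heap data into a fixed-size stack buffer) is easy to show in isolation. The following is an added C example, not code from the post or from the affected PDF reader, and everything in it (the `prefix:` string, the 32-byte buffer, the function names) is constructed for illustration. It places the unsafe pattern beside a form that checks the remaining space before copying and rejects oversized input instead of overflowing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_BUF 32   /* fixed-size destination living on the stack */

/* Constructed helper: a heap-allocated string of n 'A' bytes, standing in
 * for data parsed out of an untrusted file. Caller frees it. */
char *heap_string(size_t n)
{
    char *s = malloc(n + 1);
    if (!s) return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

/* Unsafe pattern: strcat has no idea how big buf is. If heap_str does not
 * fit in the space left after the prefix, the copy runs past buf into
 * whatever the compiler placed above it on the stack. Returns the length
 * of the combined string. Shown only to contrast with append_safe. */
int append_unsafe(const char *heap_str)
{
    char buf[STACK_BUF] = "prefix:";
    strcat(buf, heap_str);               /* no length check at all */
    return (int)strlen(buf);
}

/* Hardened form: compute the remaining room first (keeping one byte for
 * the NUL) and refuse input that does not fit, so the caller sees an
 * explicit failure rather than a silent overflow or silent truncation.
 * Returns the combined length on success, -1 if the input was rejected. */
int append_safe(const char *heap_str)
{
    char buf[STACK_BUF] = "prefix:";
    size_t used = strlen(buf);
    size_t need = strlen(heap_str);
    if (need >= STACK_BUF - used)        /* would not leave room for NUL */
        return -1;
    memcpy(buf + used, heap_str, need + 1);
    return (int)strlen(buf);
}

int main(void)
{
    char *fits = heap_string(24);        /* 7 + 24 + NUL == 32 bytes */
    char *too_long = heap_string(25);    /* one byte over the limit */
    printf("safe, fits:     %d\n", append_safe(fits));      /* 31 */
    printf("safe, too long: %d\n", append_safe(too_long));  /* -1 */
    printf("unsafe, fits:   %d\n", append_unsafe(fits));    /* 31 */
    /* append_unsafe(too_long) would write past buf; not called here. */
    free(fits);
    free(too_long);
    return 0;
}
```

The point of the check in `append_safe` is that the length arithmetic is done against the destination's real capacity, which is what an integer-overflow bug in the size computation (the iDefense description) would defeat: a miscalculated `need` or buffer size makes even a "bounded" copy unsafe, so the size inputs themselves need to be validated before they reach the copy.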
funny eh? :)