Bugtraq mailing list archives
Re[2]: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow
From: "Vladimir '3APA3A' Dubrovin" <3APA3A () SECURITY NNOV RU>
Date: Wed, 25 Mar 2009 22:55:32 +0300
Dear Eric C. Lukens, US-CERT note TA09-051A on this issue beeing exploited in-the-wild was issued on February, 20. http://www.us-cert.gov/cas/techalerts/TA09-051A.html --Wednesday, March 25, 2009, 10:20:40 PM, you wrote to bugtraq () securityfocus com: ECL> I noticed that as well, but suspected they were notified via more then ECL> one mechanism or had already found the bug internally. I find it funny ECL> that they had the final code ready on the 28th, but still didn't get it ECL> out to the public for another 2 weeks. I suppose they ran it through ECL> one last QA procedure, or they just don't like to deliver things early. ECL> -Eric ECL> -------- Original Message -------- ECL> Subject: Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary ECL> Buffer Overflow ECL> From: Florian Weimer <fw () deneb enyo de> ECL> To: Secunia Research <remove-vuln () secunia com> ECL> Cc: bugtraq () securityfocus com ECL> Date: 3/25/09 11:42 AM
* Secunia Research:====================================================================== 5) Solution Update to version 7.1.1, 8.1.4, or 9.1. ====================================================================== 6) Time Table 06/03/2009 - Vendor notified. 07/03/2009 - Vendor response. 25/03/2009 - Public disclosure.Something doesn't add up because the 9.1 binary I've got was created on February 28th, according to Verisign's time stamping signature in the Authenticode signature.
-- Skype: Vladimir.Dubrovin ~/ZARAZA http://securityvulns.com/
Current thread:
- Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Secunia Research (Mar 25)
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Florian Weimer (Mar 25)
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Eric C. Lukens (Mar 25)
- Re[2]: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Vladimir '3APA3A' Dubrovin (Mar 25)
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Eric C. Lukens (Mar 25)
- Re: Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow Florian Weimer (Mar 25)