Dailydave mailing list archives
Re: JBIG falls without JavaScript
From: Thorsten Holz <thorsten.holz () gmail com>
Date: Wed, 4 Mar 2009 21:18:12 +0100
On 03.03.2009, at 20:06, dave wrote:
So things like this are harder than they look - Pablo and Kostya had to work quite a bit on reliability every step of the way. But the Acrobat JBIG exploit now works nicely without any JavaScript heap spray.
Didier Stevens also has two interesting postings on this subject: http://blog.didierstevens.com/2009/03/02/quickpost-jbig2decode-essentials/ http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/ Cheers, Thorsten _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- JBIG falls without JavaScript dave (Mar 03)
- Re: JBIG falls without JavaScript Pusscat (Mar 03)
- Re: JBIG falls without JavaScript Thorsten Holz (Mar 06)
- Re: JBIG falls without JavaScript dave (Mar 06)