Full Disclosure mailing list archives
Re: ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
From: Dan Kaminsky <dan () doxpara com>
Date: Thu, 7 Oct 2010 01:12:51 -0400
Well, awesome. This sounds near-identical to some issues that the Sun JRE had a few years back[1]. I wonder if the code shares a common lineage? :)
No common lineage required; ICC's filled with 32 bit element counts. They're always int overflow bait.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability ZDI Disclosures (Oct 06)
- Re: ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability Chris Evans (Oct 06)
- Re: ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability Dan Kaminsky (Oct 06)
- Re: ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability Marcio B. Jr. (Oct 07)
- Re: ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability Chris Evans (Oct 06)