Dailydave mailing list archives

Re: JBIG falls without JavaScript

From: Thorsten Holz <thorsten.holz () gmail com>
Date: Wed, 4 Mar 2009 21:18:12 +0100

On 03.03.2009, at 20:06, dave wrote:

So things like this are harder than they look - Pablo and Kostya had  
to
work quite a bit on reliability every step of the way. But the Acrobat
JBIG exploit now works nicely without any JavaScript heap spray.



Didier Stevens also has two interesting postings on this subject:

http://blog.didierstevens.com/2009/03/02/quickpost-jbig2decode-essentials/
http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/

Cheers,
   Thorsten
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

JBIG falls without JavaScript dave (Mar 03)
- Re: JBIG falls without JavaScript Pusscat (Mar 03)
- Re: JBIG falls without JavaScript Thorsten Holz (Mar 06)
  - Re: JBIG falls without JavaScript dave (Mar 06)