Dailydave mailing list archives
Re: JBIG falls without JavaScript
From: dave <dave () immunityinc com>
Date: Fri, 06 Mar 2009 11:25:23 -0500
In modern times I find that sometimes the key to a successful exploit is in narrowing your scope. For example, it may take thousands of hours to figure out how to exploit Acrobat Reader reliably as a plugin to IE 7. You're looking for a function pointer to overwrite, but there isn't a place in memory that is static enough to use...you get to account for memory moving around due to every toolbar ever installed on a system. Perhaps you make your exploit rely on a Java VM, or Flash, or you build a giant dictionary of potential situations (fail!). Or you say, screw it, I'll just send people these PDFs by email. :>

Which reminds me, for people interested in reading PDFs from us these days: https://www.immunityinc.com/downloads/ImmunityUnethicalHackingAustralia.pdf

If you're too chicken to click - in text format it says something like this :> :

"""
Immunity Inc. is pleased to announce its first ever Unethical Hacking Training Class to be taught in Canberra, Australia. We are offering a special introductory rate for this class, which will be held June 22-26, 2009. To sign up please email us at admin () immunityinc com.
"""

-dave

Thorsten Holz wrote:
> On 03.03.2009, at 20:06, dave wrote:
>> So things like this are harder than they look - Pablo and Kostya had to work quite a bit on reliability every step of the way. But the Acrobat JBIG exploit now works nicely without any JavaScript heap spray.
>
> Didier Stevens also has two interesting postings on this subject:
> http://blog.didierstevens.com/2009/03/02/quickpost-jbig2decode-essentials/
> http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/
>
> Cheers,
> Thorsten
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- JBIG falls without JavaScript dave (Mar 03)
- Re: JBIG falls without JavaScript Pusscat (Mar 03)
- Re: JBIG falls without JavaScript Thorsten Holz (Mar 06)
- Re: JBIG falls without JavaScript dave (Mar 06)