[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Memory corruption when loading/unloading Adobe objects through EMBED tag in Firefox



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 

No, I installed latest updates prior to testing.
They should be aware of this however considering what appear to be
striking similarities in the code base between Foxit and Adobe
readers, at least as far as shared bugs go.
If not they will be aware of this after they read the email I sent them.

MrX

Rohit Patnaik wrote:
> Has Foxit released an update for this?
>
> --Rohit Patnaik
>
> On Tue, Oct 13, 2009 at 6:40 PM, mrx <mrx@xxxxxxxxxxxxxxxxxxx> wrote:
>
>
> It would appear that Foxit reader version 3.1.1.0928 is also
> vulnerable to this memory corruption flaw.
> Foxit reader was also vulnerable to the JPEG2000/JBIG2 decoder bug.
>
> Makes me wonder how much code is common to both Adobes and Foxits PDF
> readers
>
> MrX
>
>
> Berend-Jan Wever wrote:
> >>> Adobe bulletin:
> >>> http://www.adobe.com/support/security/bulletins/apsb09-15.html
> >>>
> >>> Short description and repro case:
> >>>
> http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/
> >>> Cheers,
> >>>
> >>> SkyLined
> >>> <
> http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/
> >>> Berend-Jan Wever <berendjanwever@xxxxxxxxx>
> >>> http://skypher.com/SkyLined
> >>>
> >>>
> >>>
> ----------------------------------------------------------------------
> >>>
> >>> _______________________________________________
> >>> Full-Disclosure - We believe in it.
> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>> Hosted and sponsored by Secunia - http://secunia.com/
>>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
>>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iQEVAwUBStUc0LIvn8UFHWSmAQIITggAxL/oV6LGNuqfXj59xbV3fLAdh/6aeE7I
hna0TysRDSi/bN+lE/JLyh+F8WDdr/uNb4Kzc+mTEd5vVqTp2Qlw5ctkQu9AcCxn
Gk9khwhgRkxYfE/DF9RsFluRMacEaYMUNuectMz+ViCiLhYiLSBrcN9N6khSBIHZ
o8ttvZBlt9ovlIu08dmuexcIVpIax8SHJj+lPWtuuRYNw/PB02hu3Pnm839nP0cD
o8ZQPXkG7zvVgBVdMoVCGLWkMgw1T9P73+32TqTC7aAuY9mwRWhG3o2LZo+/Iicl
Z/uIBT74SWzWZOdhzwdQdlXpmKXad1A8W7XxqfFLhea6WYmbj/MzHg==
=bPXc
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/