Adobe Acrobat pushstring Memory Corruption paper

Published: 2010-09-12. Last Updated: 2010-09-12 20:32:33 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
1 comment(s)

Abysssec posted a very interesting paper analyzing the pushstring memory corruption vulnerability (CVE-2010-2201).

Read the paper at http://www.exploit-db.com/download_pdf/14983. Original Adobe advisory at http://www.adobe.com/support/security/bulletins/apsb10-15.html 

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

1 comment(s)

Comments

And the paper analyzing a pdf exploit is posted in a pdf! I hope everyone is using gpdf or sumatra. It used to be we spent a lot of time testing and patching MS OSs. Now we could consume all our time just patching adobe acrobat and flash (and verifying flash removed the older vulnerable version). I wish I could eliminate these product but they seem to become more ubiquitous. Is it time to go back to txt and html only?

Diary Archives