[Mimedefang] PDF vulnerability

Kenneth Porter shiva at sewingwitch.com
Tue Feb 24 18:27:08 EST 2009


--On Tuesday, February 24, 2009 2:42 PM -0500 "Kevin A. McGrail" 
<kmcgrail at pccc.com> wrote:

> I don't know.  I don't think many people have much information about the
> exploit.

The blog link I posted earlier indicates that it's the jbig2 decompression 
code that fails with a crafted jbig2 object, and shows how to trigger it. 
JavaScript is used to get malicious code onto the heap so that when the 
object is decompressed, it crashes into the code. So even if you disable 
JS, you still get a crash, just not an easy way to get it to jump to code 
the attacker controls.

The patch (in the form of a replacement DLL) addresses the bug in the 
decompressor, and causes a popup error message, instead.
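
The point above, that disabling JavaScript still leaves the JBIG2 crash, suggests triaging PDF attachments on the JBIG2 filter itself. The following is an added example, not part of the original post or of MIMEDefang: a standalone Python sketch whose function names, sample byte strings and quarantine rule are assumptions made for illustration.

```python
import re
import zlib

# PDF names may hex-escape any character (/JBIG2#44ecode is /JBIG2Decode),
# so every name is normalised before it is compared.
NAME_RE = re.compile(rb"/((?:[^\x00\t\n\x0c\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
SCRIPT_NAMES = {b"JavaScript", b"JS"}
WATCHED = SCRIPT_NAMES | {b"JBIG2Decode"}

# Constructed samples (not real documents): just enough PDF syntax to scan.
SAMPLE_JBIG2 = (b"%PDF-1.4\n1 0 obj\n<< /Filter /JBIG2#44ecode /Length 4 >>\n"
                b"stream\nAAAA\nendstream\nendobj\n")
SAMPLE_OBJSTM = (b"%PDF-1.5\n2 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\n"
                 b"stream\n" + zlib.compress(b"<< /S /JavaScript /JS (x) >>")
                 + b"\nendstream\nendobj\n")
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"


def pdf_names(data):
    """Return every name token in data with #xx escapes decoded."""
    return {ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), name)
            for name in NAME_RE.findall(data)}


def triage_pdf(data):
    """Report watched names in the raw bytes and inside Flate-compressed streams."""
    found = pdf_names(data) & WATCHED
    for body in STREAM_RE.findall(data):
        try:
            # Object streams hide dictionaries from a scan of the raw bytes.
            inflated = zlib.decompressobj().decompress(body)
        except zlib.error:
            continue  # stream is not zlib data (for example the JBIG2 payload)
        found |= pdf_names(inflated) & WATCHED
    jbig2 = b"JBIG2Decode" in found
    # Assumed policy: JBIG2 alone is enough to quarantine, with or without JS.
    return {"jbig2": jbig2, "javascript": bool(found & SCRIPT_NAMES),
            "quarantine": jbig2}


if __name__ == "__main__":
    for label, sample in (("jbig2", SAMPLE_JBIG2), ("objstm", SAMPLE_OBJSTM),
                          ("clean", SAMPLE_CLEAN)):
        print(label, triage_pdf(sample))
```

This is a byte-level triage, not a PDF parser: it does not handle encrypted documents or filter chains other than a single Flate layer, and names can match by chance inside binary stream data.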