[Mimedefang] PDF vulnerability

Kenneth Porter shiva at sewingwitch.com
Tue Feb 24 18:27:08 EST 2009

--On Tuesday, February 24, 2009 2:42 PM -0500 "Kevin A. McGrail" 
<kmcgrail at pccc.com> wrote:

> I don't know.  I don't think many people have much information about the
> exploit.

The blog link I posted earlier indicates that it's the jbig2 decompression 
code that fails with a crafted jbig2 object, and shows how to trigger it. 
JavaScript is used to get malicious code onto the heap so that when the 
object is decompressed, it crashes into the code. So even if you disable 
JS, you still get a crash, just not an easy way to get it to jump to code 
the attacker controls.

The patch (in the form of a replacement DLL) addresses the bug in the 
decompresser, and causes a popup error message, instead.

More information about the MIMEDefang mailing list