[Dailydave] JBIG falls without JavaScript
dave
dave at immunityinc.com
Fri Mar 6 11:25:23 EST 2009
In modern times I find that sometimes the key to a successful exploit is
in narrowing your scope. For example, it may take thousands of hours to
figure out how to exploit Acrobat Reader reliably as a plugin to IE 7.
You're looking for a function pointer to overwrite, but there isn't a
place in memory that is static enough to use...you get to account for
memory moving around due to every toolbar ever installed on a system.
Perhaps you make your exploit rely on a Java VM, or Flash, or you build
a giant dictionary of potential situations (fail!).
Or you say, screw it, I'll just send people these PDFs by email. :>
Which reminds me, for people interested in reading PDFs from us these
days:
https://www.immunityinc.com/downloads/ImmunityUnethicalHackingAustralia.pdf
If you're too chicken to click - in text format it says something like
this :> :
"""
Immunity Inc. is pleased to announce its first ever Unethical Hacking
Training Class to be taught in Canberra, Australia.
We are offering a special introductory rate for this class, which will
be held June 22-26, 2009. To sign up please email us at
admin at immunityinc.com.
"""
-dave
Thorsten Holz wrote:
> On 03.03.2009, at 20:06, dave wrote:
>
>> So things like this are harder than they look - Pablo and Kostya had to
>> work quite a bit on reliability every step of the way. But the Acrobat
>> JBIG exploit now works nicely without any JavaScript heap spray.
>
>
> Didier Stevens also has two interesting postings on this subject:
>
> http://blog.didierstevens.com/2009/03/02/quickpost-jbig2decode-essentials/
> http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/
>
> Cheers,
> Thorsten