Hi Friends,

I am doing some research on an old vulnerability, CVE-2007-5169. It's related to Adobe PageMaker. I just went through the vulnerability and it states that if an attacker crafts a long font name, i.e. Courier New, and then after that crafts, let's say, 40-50 AAAA or BBBB, then if any user opens the crafted PageMaker file, the crafted pmd file will crash the application and cause a stack overflow or may lead to arbitrary code execution. I just went through an attack pcap and got this information. Well, now I know what the magic bytes are for detecting a PageMaker document over the wire. But from the signature-writing perspective, I need to know the structure, i.e. where it stores the font names in its file format. But as you know, most of Adobe's file formats are proprietary and not publicly available, so I am not able to figure out what procedure I can follow to detect this attack attempt.

So can anyone please give me some reference on this vulnerability or its attack detection procedure? I would be very thankful.

Thanks,
Sujit
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/