‘Adobe PageMaker Key Strings Stack Buffer Overflow Vulnerability’

Summary

Adobe PageMaker is ‘document layout application, and is commonly used for desktop publishing’. Remote exploitation of a stack buffer overflow vulnerability in Adobe Systems Inc.’s PageMaker could allow an attacker to execute arbitrary code with the privileges of the current user.

Credit:

‘The information has been provided by iDefense.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=749


Details

Vulnerable Systems:
 * Adobe PageMaker version 7.0.1 (with CVE-2007-5169 patch)

Immune Systems:
 * Adobe PageMaker version 7.0.1 (with APSA08-10 Patch)

A vulnerability exists within the handling of PMD files, the native file format for storing PageMaker documents. When parsing a malformed PMD file, data from the file is copied into a buffer without proper validation. This results in an exploitable stack-based buffer overflow.
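The bug class described above, shown as an added example that is not part of the iDefense advisory or Adobe's code: a file-supplied length copied into a fixed stack buffer, next to a version that validates the length against both the input and the destination. The record layout, `KEY_MAX` and all function names are hypothetical and do not describe the PMD format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_MAX 32   /* size of the fixed destination buffer */

/* Hypothetical record, constructed for this example (NOT the PMD layout):
 * [1-byte tag][2-byte little-endian length][length bytes of text]. */

/* Unsafe pattern: the length read from the file is trusted as-is. */
void copy_key_unchecked(const uint8_t *rec, char *dst)
{
    size_t len = (size_t)rec[1] | ((size_t)rec[2] << 8);
    memcpy(dst, rec + 3, len);   /* len can exceed the destination size */
    dst[len] = '\0';
}

/* Hardened form: returns 0 on success, -1 on a truncated or oversized field. */
int copy_key_checked(const uint8_t *rec, size_t rec_len, char *dst, size_t dst_size)
{
    if (rec == NULL || dst == NULL || dst_size == 0 || rec_len < 3)
        return -1;                        /* header is incomplete */
    size_t len = (size_t)rec[1] | ((size_t)rec[2] << 8);
    if (len > rec_len - 3)
        return -1;                        /* length runs past the input */
    if (len >= dst_size)
        return -1;                        /* no room for text + terminator */
    memcpy(dst, rec + 3, len);
    dst[len] = '\0';
    return 0;
}

/* Builds a constructed record that claims `claimed` bytes but carries
 * `actual` bytes, then runs it through the checked copy. */
int try_record(uint16_t claimed, size_t actual)
{
    uint8_t rec[3 + 256] = { 0x01, (uint8_t)(claimed & 0xff), (uint8_t)(claimed >> 8) };
    char key[KEY_MAX];
    if (actual > 256)
        return -2;                        /* outside this demo's sample size */
    memset(rec + 3, 'A', actual);
    return copy_key_checked(rec, 3 + actual, key, sizeof key);
}

int main(void)
{
    printf("fits=%d oversized=%d truncated=%d\n",
           try_record(5, 5), try_record(200, 200), try_record(10, 4));
    return 0;
}
```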

Analysis:
Exploitation of this vulnerability could allow an attacker to execute arbitrary code with the privileges of the user opening the file. Exploitation would require that an attacker host a maliciously crafted document on a website and entice users to visit the site. An attacker could also e-mail the malicious document and use social engineering techniques to trick the e-mail recipient into opening the document.

Workaround:

iDefense is currently unaware of any workarounds for this issue.

Vendor response:

Adobe categorizes this as a critical issue and recommends affected users patch their installations, and avoid opening PageMaker files from untrusted or unknown sources. A patch is available from the vendor at the following URL:
http://www.adobe.com/support/security/bulletins/downloads/APSA08-10.zip

CVE Information:
CVE-2008-6432

Disclosure timeline:
12/18/2007 – Initial vendor notification
12/19/2007 – Initial vendor response
06/09/2008 – Vendor follow-up
10/29/2008 – Vendor releases patch.’

Categories: Windows