Sent to you by l5g via Google Reader:
via Hacking Expose! by noreply@blogger.com (d3ck4) on 10/18/09
In-depth research on the recent PDF zero-day exploit by the Fortinet's FortiGuard Global Security Research TeamOverview
PDF files are mostly made of tags, parameters, and streams, and can
include javascript code. This vulnerability stems from an integer
overflow when Adobe Reader processes a particular parameter.
Now, integer overflows are fairly common, but leveraging them into
execution of arbitrary code is often tremendously difficult and crafty.
Whoever is behind this exploit managed to do it, introducing in the
process a rather innovative strategy (not universal though, it works
only on Adobe). There are 5 essential steps in the exploit:
read more http://www.fortiguard.com/analysis/pdfanalysis.html
Things you can do from here:
- Subscribe to Hacking Expose! using Google Reader
- Get started using Google Reader to easily keep up with all your favorite sites
No comments:
Post a Comment