[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Adobe Reader invalid root page node Count value DOS
From: Hongzhen Zhou <felix__zhou () hotmail ! com>
Date: 2005-02-18 1:33:22
Message-ID: 20050218013322.12994.qmail () www ! securityfocus ! com
[Download RAW message or body]
Adobe Reader invalid root page node Count value DOS
Author
======
Fortinet,inc (hongzhen zhou <felix__zhou _at_ hotmail _dot_ com>)
Vulnerable
==========
Acrobat Reader 7.0.0 for Windows (English Version) -- latest version
Acrobat Reader 6.0.3 for Windows (Simplied Chinese Version)
( Other versions are not tested. )
Description
===========
When the "Count" value of the root page node set to a negative digit, the Adobe \
Reader may not crash immediately, but if the user used mouse to click the client \
rectangle of the Reader immediately, then it died. I change the "PageMode" value of \
"Catalog" to "FullScreen"(that means display the document in full-screen mode),
then the Reader crashes immediately and automatically:).
POC
===
http://www.xfocus.net/tools/200502/POC.pdf
[prev in list] [next in list] [prev in thread] [next in thread]