Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2007-80/
Vulnerable Systems:
* Adobe PageMaker version 7.0.1
The vulnerabilities are caused by boundary errors when processing certain structures in a .PMD file. They can be exploited to cause stack-based and heap-based buffer overflows via, for example, a .PMD file with a specially crafted font structure.
Successful exploitation allows execution of arbitrary code.
Solution:
The vendor will be releasing a fix for the stack-based buffer overflow shortly and is working on a fix for the heap-based buffer overflow.
Time Table:
23/10/2007 - Vendor notified.
24/10/2007 - Vendor response.
26/10/2007 - Additional vulnerability reported to vendor.
26/10/2007 - Vendor response.
13/11/2007 - Vendor acknowledges vulnerabilities.
05/12/2007 - Status update requested.
06/12/2007 - Vendor response (working on getting resources for development and testing).
21/01/2008 - Status update requested.
10/03/2008 - Status update requested.
12/03/2008 - Vendor response (new developer currently getting familiar with the code).
30/05/2008 - Vendor provides fix for testing and informs of expected release date on 10th June 2008.
02/06/2008 - Vendor asks for CVE identifier.
03/06/2008 - Vendor provided with CVE identifier and informed that only one of the vulnerabilities has been fixed in the supplied patch.
04/06/2008 - Vendor response (more time needed to address second vulnerability).
04/07/2008 - Status update requested. Informed vendor that release date is now set to end of October.
08/07/2008 - Vendor response (still trying to find resources to resolve the vulnerabilities).
30/09/2008 - Vendor provides status update.
01/10/2008 - Vendor informed of fixed disclosure date (29/10/2008).
27/10/2008 - Vendor provides status update and requests CVE identifier for the unpatched vulnerability.
28/10/2008 - Vendor provided with additional CVE identifier.
29/10/2008 - Public disclosure.
CVE Information:
CVE-2007-5394 and CVE-2007-6021