The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2007-80/
* Adobe PageMaker version 7.0.1
The vulnerabilities are caused due to boundary errors when processing certain structures in a .PMD file. These can be exploited to cause stack-based and heap-based buffer overflows via e.g. a .PMD file with a specially crafted font structure.
Successful exploitation allows execution of arbitrary code.
The vendor will be releasing a fix for the stack-based buffer overflow shortly and is working on a fix for the heap-based buffer overflow.
23/10/2007 - Vendor notified.
24/10/2007 - Vendor response.
26/10/2007 - Additional vulnerability reported to vendor.
26/10/2007 - Vendor response.
13/11/2007 - Vendor acknowledges vulnerabilities.
05/12/2007 - Status update requested.
06/12/2007 - Vendor response (working on getting resources for development and testing).
21/01/2008 - Status update requested.
10/03/2008 - Status update requested.
12/03/2008 - Vendor response (new developer currently getting familiar with the code).
30/05/2008 - Vendor provides fix for testing and informs of expected release date on 10th June 2008.
02/06/2008 - Vendor asks for CVE identifier.
03/06/2008 - Vendor provided with CVE identifier and informed that only one of the vulnerabilities has been fixed in the supplied patch.
04/06/2008 - Vendor response (more time needed to address second vulnerability).
04/07/2008 - Status update requested. Informed vendor that release date now is set to end of October.
08/07/2008 - Vendor response (still trying to find resources to resolve the vulnerabilities).
30/09/2008 - Vendor provides status update.
01/10/2008 - Vendor informed of fixed disclosure date (29/10/2008).
27/10/2008 - Vendor provides status update and requests CVE identifier for the unpatched vulnerability.
28/10/2008 - Vendor provided with additional CVE identifier.
29/10/2008 - Public disclosure.
CVE-2007-5394 and CVE-2007-6021