Acrobat Acrobat Font Parsing Integer Overflow Vulnerability



EDB-ID: 14642 CVE: 2010-2862 OSVDB-ID: 66859
Author: Ramz Afzar Published: 2010-08-14 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
From the authors site:

In this article, I'm going to share with you my observations and analysis on recent Adobe Acrobat Font Parsing vulnerability. Source document exists here:

http://securityevaluators.com/files/papers/CrashAnalysis.pdf (page 51-58)

After reading the paper, I started studying the TTF format. After initial research, I wrote this script:

Writeup and proof of concept files included in archive file.

http://www.exploit-db.com/sploits/VA010-003.tgz