HTTP: Adobe PageMaker Key Strings Stack Buffer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in the way Adobe PageMaker processes PMD files. It is due to lack of input validation while parsing user-supplied data in PMD files. A remote attacker can exploit this by enticing the target user to open malicious PMD files. In a successful attack, the behavior of the target depends on the intention of the attacker. Any code injected is executed within the security context of the currently logged in user. In an unsuccessful code execution attack, the affected application terminates from the current session.
Extended Description
Adobe PageMaker is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe PageMaker 7.0.1 and 7.0.2 are vulnerable.
Affected Products
Adobe pagemaker
References
BugTraq: 31999
CVE: CVE-2007-6432
URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=749
Short Name
HTTP:STC:DL:PAGEMAKER-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Adobe Buffer CVE-2007-6432 Key Overflow PageMaker Stack Strings bid:31999
Release Date
10/18/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3704
False Positive
Unknown
Vendors
Adobe
CVSS Score
9.3