[Nottingham] A wry combo: nspluginwrapper fixed and Adobe Updates for Multiple Vulnerabilities

Mat Booth mbooth at fedoraproject.org
Mon Jun 20 10:57:42 UTC 2011

On 16 June 2011 12:35, Martin <martin at ml1.co.uk> wrote:
> Anyhow, for a document reader and media player, what in cyberland is
> that application doing running arbitrary code in the first place? Is
> not a document merely static data that is merely read and displayed
> (and *never* to be 'executed')?... ;-) ( <-- An evil winkie! :-) )

It happens when the application is reading data into memory that
exceeds the allocated buffer and it overwrites adjacent sections of
memory that contains code to be executed. If you find such a buffer
overflow then you can craft a document whose contents will blat away
some sections of executable memory and when the program counter gets
to that point in memory, the OS starts executing the document as if it
were the program.

Mat Booth
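
The overflow described in the reply above, as an added example that is not part of the original message: an unchecked copy driven by a length field in the document, beside the same copy with a bounds check. The record format, the names and the single-array model of "buffer plus adjacent memory" are assumptions made for illustration; the adjacent memory is modelled as one control byte so the program stays well-defined C.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a reader's memory: a 16-byte title buffer with a
 * control byte stored directly after it. Both live in one array so the
 * out-of-bounds write stays defined C while showing the same effect. */
enum { TITLE_SIZE = 16, ARENA_SIZE = 32, CONTROL_OFF = TITLE_SIZE, CONTROL_DEFAULT = 1 };
struct reader { uint8_t mem[ARENA_SIZE]; };

void reader_init(struct reader *r) {
    memset(r->mem, 0, sizeof r->mem);
    r->mem[CONTROL_OFF] = CONTROL_DEFAULT;
}

/* Hypothetical record: one length byte, then that many title bytes.
 * Unchecked: the length byte from the document is trusted as-is. */
int load_title_unchecked(struct reader *r, const uint8_t *doc, size_t doc_len) {
    if (doc_len < 1 || doc[0] > doc_len - 1) return -1;
    size_t n = doc[0];
    if (n > ARENA_SIZE) n = ARENA_SIZE; /* model limit only; real code has none */
    memcpy(r->mem, doc + 1, n);         /* never compared with TITLE_SIZE */
    return 0;
}

/* Checked: a length larger than the destination buffer is rejected. */
int load_title_checked(struct reader *r, const uint8_t *doc, size_t doc_len) {
    if (doc_len < 1 || doc[0] > doc_len - 1) return -1;
    if (doc[0] > TITLE_SIZE) return -1;
    memcpy(r->mem, doc + 1, doc[0]);
    return 0;
}

/* Loads a constructed record claiming a 20-byte title; returns 1 if the
 * control byte next to the buffer survived, 0 if it was overwritten. */
int control_survives(int use_checked) {
    uint8_t doc[21];
    struct reader r;
    doc[0] = 20;
    memset(doc + 1, 'A', 20);
    reader_init(&r);
    if (use_checked) load_title_checked(&r, doc, sizeof doc);
    else load_title_unchecked(&r, doc, sizeof doc);
    return r.mem[CONTROL_OFF] == CONTROL_DEFAULT;
}

int main(void) {
    printf("unchecked: %d, checked: %d\n", control_survives(0), control_survives(1));
    return 0;
}
```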
