Comments on: CVE-2009-2979 Or The XML-Bombed PDF http://blog.didierstevens.com/2009/11/02/cve-2009-2979-or-the-xml-bombed-pdf/ (blog 'DidierStevens) Sat, 11 Feb 2012 16:16:49 +0000 hourly 1 http://wordpress.com/ By: Didier Stevens http://blog.didierstevens.com/2009/11/02/cve-2009-2979-or-the-xml-bombed-pdf/#comment-36065 Tue, 03 Nov 2009 08:45:31 +0000 http://blog.didierstevens.com/?p=1823#comment-36065 I discovered this bug by accident, and I spent some time reversing but didn’t get EIP control.

The Hack.lu slides are available on the hack.lu site: http://2009.hack.lu/archive/2009/

]]> By: janus http://blog.didierstevens.com/2009/11/02/cve-2009-2979-or-the-xml-bombed-pdf/#comment-36061 Mon, 02 Nov 2009 11:43:33 +0000 http://blog.didierstevens.com/?p=1823#comment-36061 Interesting, although I don’t see how it can be a useful exploit yet besides DOS. Is it possible to have it execute shellcode?

Also, when (if) will you post your talk from hack.lu?

]]>