The document discusses exploiting vulnerabilities in Adobe JavaScript and PDF files. It describes several exploits that take advantage of bugs in built-in functions/methods to trigger errors like stack overflows or memory corruption. Examples of exploited functions include customDictionaryOpen(), GetAnnots(), and getIcon(). Links are provided to exploits that can achieve code execution on vulnerable Adobe Reader versions.
With Web Services and mobile devices we must think Beyond "Resource and User". It's thinking about a global repository about "what you can do from where"... It gives you trend to build a database that hosts these rights.
The document provides an agenda for a Rascal Codefest event on March 3, 2010. It lists the presenters and provides an outline of the topics to be covered, including lightning introductions, a coding game, analysis, visualization, transformations, disclaimers, and an introduction to using Rascal.
The document provides an overview of virtualization technology, including definitions of virtualization, classifications of virtualization techniques, and discussions of process VMs, system VMs, and virtual machine monitor implementation issues and security research. It defines virtualization as making one computer system appear to be another system and discusses how virtualization provides abstraction through defined interfaces between layers.
MgnlKickstart - Develop Magnolia Websites Faster, Better And EasierVivian Steller
MgnlKickstart is a tool for web developers, that tremendously eases creating fully custom, content manageable websites with the open source, enterprise-grade content management system Magnolia.
The document discusses the role of grassroots, media art practices and pedagogy informed by such practices. It describes Furtherfield.org, a community and online platform that supports experimental art, technology and social change. It discusses how Furtherfield.org takes a constructivist and practice-based approach to learning, encouraging collaboration and engagement. It raises the question of what role such a pedagogy could play in renegotiating relationships and promoting agency during the current environmental crisis.
Shellcode and heapspray detection in phoneycZ Chen
The document discusses using the libemu library to detect shellcode and heapspray in the Python honeyclient phoneyc. Libemu allows for shellcode detection using x86 instruction emulation and GetPC heuristics. The document outlines integrating libemu into phoneyc to defend browsers against drive-by downloads and heap-spraying code injection attacks in web-based malware.
El sistema nervioso dirige y controla las funciones del organismo a través de la transmisión eléctrica y química de impulsos nerviosos entre neuronas. Está compuesto por el sistema nervioso central (encéfalo y médula espinal) y el sistema nervioso periférico (somático y autónomo), y su correcto funcionamiento depende de factores como una dieta saludable, ejercicio regular y evitar sustancias dañinas como drogas y alcohol.
With Web Services and mobile devices we must think Beyond "Resource and User". It's thinking about a global repository about "what you can do from where"... It gives you trend to build a database that hosts these rights.
The document provides an agenda for a Rascal Codefest event on March 3, 2010. It lists the presenters and provides an outline of the topics to be covered, including lightning introductions, a coding game, analysis, visualization, transformations, disclaimers, and an introduction to using Rascal.
The document provides an overview of virtualization technology, including definitions of virtualization, classifications of virtualization techniques, and discussions of process VMs, system VMs, and virtual machine monitor implementation issues and security research. It defines virtualization as making one computer system appear to be another system and discusses how virtualization provides abstraction through defined interfaces between layers.
MgnlKickstart - Develop Magnolia Websites Faster, Better And EasierVivian Steller
MgnlKickstart is a tool for web developers, that tremendously eases creating fully custom, content manageable websites with the open source, enterprise-grade content management system Magnolia.
The document discusses the role of grassroots, media art practices and pedagogy informed by such practices. It describes Furtherfield.org, a community and online platform that supports experimental art, technology and social change. It discusses how Furtherfield.org takes a constructivist and practice-based approach to learning, encouraging collaboration and engagement. It raises the question of what role such a pedagogy could play in renegotiating relationships and promoting agency during the current environmental crisis.
Shellcode and heapspray detection in phoneycZ Chen
The document discusses using the libemu library to detect shellcode and heapspray in the Python honeyclient phoneyc. Libemu allows for shellcode detection using x86 instruction emulation and GetPC heuristics. The document outlines integrating libemu into phoneyc to defend browsers against drive-by downloads and heap-spraying code injection attacks in web-based malware.
El sistema nervioso dirige y controla las funciones del organismo a través de la transmisión eléctrica y química de impulsos nerviosos entre neuronas. Está compuesto por el sistema nervioso central (encéfalo y médula espinal) y el sistema nervioso periférico (somático y autónomo), y su correcto funcionamiento depende de factores como una dieta saludable, ejercicio regular y evitar sustancias dañinas como drogas y alcohol.
Dmitry Baranovskiy gave a talk on writing JavaScript libraries. He recommended spending more time on the API than functionality, and making the API as simple as possible. He also stressed the importance of performance, especially for IE6, and making the library bulletproof to work with other code. Shrinking file size is also important for JavaScript libraries.
David Nuescheler: Igniting CQ 5.3: What's New and RoadmapDay Software
This document provides a roadmap and overview of CQ 5.3. It discusses improvements and new features in CQ 5.3 including easier use, more robustness, and 500 fixes and enhancements. It outlines stakeholder groups and introduces new tools like CRXDE Lite and the Package Share system. The document discusses future plans including investments in technologies like the cloud, JCR 2.0, and releases of CQ 5.4 and 5.5. It emphasizes that agility matters for business, authors, developers and infrastructure.
The document provides a roadmap for CQ 5.3, highlighting key features and investments. It summarizes enhancements in usability, performance, and development tools. It also outlines the product release plan, with milestones for JCR, CMIS, HTTPbis, and future versions of CQ and CRX. The cloud is positioned as an agile alternative to on-premise hardware.
Node.js is a JavaScript runtime environment built on Chrome's V8 JavaScript engine. It allows JavaScript to be used for server-side scripting and is primarily used for real-time web applications and extensive I/O applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient for data-intensive real-time applications that run across distributed devices.
In this presentation, we discuss taking advantage of native iOS features on Titanium both through code and configuration, as well as how to use Apple's toolchain for iOS development to be more productive and produce better products.
Some topics that we'll cover include:
Using Apple's toolchain:
- Debugging app internals
- Custom-configuring plists
- Titanium 'export' and switching to xcode
APIs & Titanium:
- iOS-specific tiapp.xml settings
- App lifecycle on iOS
- View lifecycles & layout
- Memory management 'gotchas'
The document discusses challenges in designing, developing, and deploying Rich Internet Applications (RIAs). It outlines the methodology used, which included studying RIAs through online resources and hands-on experience with tools. Issues addressed include choosing technologies, cross-browser compatibility, and handling deployment. Potential solutions explored using Adobe Flex, AJAX, Microsoft Silverlight, and evaluating each for the specific application requirements. The conclusion recommends RIAs for applications like catalogs and making recommendations for designing RIAs.
The document provides an overview of the Java programming language and platform. It discusses that Java was created by James Gosling at Sun Microsystems and is an object-oriented language that is designed to be robust, have good performance, and support multi-threading. The document also outlines key Java concepts like classes, objects, encapsulation, inheritance, and polymorphism. It explains how Java uses a write once, run anywhere approach and how the Java Virtual Machine works. Finally, it summarizes the main Java editions: Standard Edition for desktop apps, Enterprise Edition for business software, and Micro Edition for limited devices.
JavaScript allows for metaprogramming through manipulating programs as data. It relies on few but powerful constructs including working with functions, arguments, built-in types, and mechanisms like inheritance at runtime. The key building blocks are objects, numbers, strings, booleans, and undefined, with everything else being objects. Functions are objects that can return other functions, taking advantage of closures to refer to outer variables from inner functions. This flexibility allows for patching implementations, self-optimizing code, custom APIs, and domain-specific languages.
Cover the advantages of test driven development, the reasons for pushing it all the way to the browser level, and then explore the options for testing JavaScript, look at some examples, and then integrate the tests into our existing development workflow.
This presentation provided an overview of research being conducted at the Apex Lab at Shanghai Jiao Tong University. It began with introductions to Shanghai Jiao Tong University and the Apex Lab itself. It then discussed the lab's research areas including traditional web search, social web search, semantic web search, and machine learning. Specific projects in each area were briefly described. The presentation concluded with a demo of Hermes, a semantic search engine designed to handle billions of triples from heterogeneous data sources on the open web.
Presentation given at ZendCon 08 and Web 2.0 Expo NYC 2008 by Ben Galbraith and Dion Almaer. The presentation includes a lot of embedded videos and transitions and the slides are meant to support a spoken narrative, not replace it. Still, these are provided by request and I hope they'll be of help.
This document provides an overview of how SpringSource is making it easier for Java and Grails developers to build MongoDB applications. It begins with an introduction to the presenter and agenda. It then provides background on the Spring framework and how Spring Data and MongoDB simplify data access and integration. The document introduces Grails and demonstrates how to use Grails with MongoDB, including examples of domain classes, repositories, and relationships. It concludes by discussing future ideas for tighter integration between Spring and MongoDB.
Creative Coders March 2013 - Introducing Starling FrameworkHuijie Wu
Stage3D was introduced in Flash Player 11 to leverage the GPU for hardware-accelerated 3D rendering. It offloads rendering tasks to the GPU to achieve higher frame rates and more detailed 3D scenes. The Starling framework is a 2D graphics library built on top of Stage3D that provides a familiar display list API. Starling Feathers is an extension that provides reusable UI controls. The Adobe Gaming SDK packages these technologies along with tools to simplify game development.
Jopenmetaverse is a pure java implementation of client of 3D Virtual World Simulator called OpenSim.
You can get the source code from https://bitbucket.org/jchauhan/jopenmetaverse
Django On Jython (for Portland and Boulder Python user groups presentations)Leonardo Soto
The document discusses using Django on the Jython platform. Some key points:
- Jython allows running Python code on the Java Virtual Machine (JVM), compiling Python to Java bytecode. This enables using Java libraries and deploying Python applications on Java application servers.
- Django projects can be packaged and deployed as a WAR (Web ARchive) file, making use of the standard Java web application deployment format.
- Using Django on Jython provides performance and scalability benefits from running on the JVM and ability to integrate with the large Java ecosystem, like databases and libraries.
Javaland 2017: "You´ll do microservices now". Now what?André Goliath
The slides for my talk at JavaLand 2017. Note: The slides are in english, only the title is german. The talk is all about do's and dont's in microservice landscapes.
Android Internals (This is not the droid you’re loking for...)Giacomo Bergami
- The document discusses creating native Android applications using the NDK and cross-compiling C/C++ code to run on Android.
- It provides an example of a simple client-server program written in C that is compiled to run within the Android emulator, without using any Google APIs.
- The key steps are setting up the Android development environment, cross-compiling the C code using the NDK flags and libraries, and running the resulting binary within an Android emulator.
This document discusses Eclipse code recommenders, which leverage collective intelligence in software development. Eclipse code recommenders observe how frameworks are commonly used and extended to provide intelligent code completion, usage-driven Javadocs, code example recommendations, and smart bug detection. They work by mining development data to extract patterns on how frameworks are reused and then surface those recommendations to developers. The system aims to help developers by recommending what others frequently do based on past usage. It analyzes collected data on framework usage to build recommender models and provide suggestions to developers.
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
More Related Content
Similar to Leveraging Adobe JavaScript Virtual Machine
Dmitry Baranovskiy gave a talk on writing JavaScript libraries. He recommended spending more time on the API than functionality, and making the API as simple as possible. He also stressed the importance of performance, especially for IE6, and making the library bulletproof to work with other code. Shrinking file size is also important for JavaScript libraries.
David Nuescheler: Igniting CQ 5.3: What's New and RoadmapDay Software
This document provides a roadmap and overview of CQ 5.3. It discusses improvements and new features in CQ 5.3 including easier use, more robustness, and 500 fixes and enhancements. It outlines stakeholder groups and introduces new tools like CRXDE Lite and the Package Share system. The document discusses future plans including investments in technologies like the cloud, JCR 2.0, and releases of CQ 5.4 and 5.5. It emphasizes that agility matters for business, authors, developers and infrastructure.
The document provides a roadmap for CQ 5.3, highlighting key features and investments. It summarizes enhancements in usability, performance, and development tools. It also outlines the product release plan, with milestones for JCR, CMIS, HTTPbis, and future versions of CQ and CRX. The cloud is positioned as an agile alternative to on-premise hardware.
Node.js is a JavaScript runtime environment built on Chrome's V8 JavaScript engine. It allows JavaScript to be used for server-side scripting and is primarily used for real-time web applications and extensive I/O applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient for data-intensive real-time applications that run across distributed devices.
In this presentation, we discuss taking advantage of native iOS features on Titanium both through code and configuration, as well as how to use Apple's toolchain for iOS development to be more productive and produce better products.
Some topics that we'll cover include:
Using Apple's toolchain:
- Debugging app internals
- Custom-configuring plists
- Titanium 'export' and switching to xcode
APIs & Titanium:
- iOS-specific tiapp.xml settings
- App lifecycle on iOS
- View lifecycles & layout
- Memory management 'gotchas'
The document discusses challenges in designing, developing, and deploying Rich Internet Applications (RIAs). It outlines the methodology used, which included studying RIAs through online resources and hands-on experience with tools. Issues addressed include choosing technologies, cross-browser compatibility, and handling deployment. Potential solutions explored using Adobe Flex, AJAX, Microsoft Silverlight, and evaluating each for the specific application requirements. The conclusion recommends RIAs for applications like catalogs and making recommendations for designing RIAs.
The document provides an overview of the Java programming language and platform. It discusses that Java was created by James Gosling at Sun Microsystems and is an object-oriented language that is designed to be robust, have good performance, and support multi-threading. The document also outlines key Java concepts like classes, objects, encapsulation, inheritance, and polymorphism. It explains how Java uses a write once, run anywhere approach and how the Java Virtual Machine works. Finally, it summarizes the main Java editions: Standard Edition for desktop apps, Enterprise Edition for business software, and Micro Edition for limited devices.
JavaScript allows for metaprogramming through manipulating programs as data. It relies on few but powerful constructs including working with functions, arguments, built-in types, and mechanisms like inheritance at runtime. The key building blocks are objects, numbers, strings, booleans, and undefined, with everything else being objects. Functions are objects that can return other functions, taking advantage of closures to refer to outer variables from inner functions. This flexibility allows for patching implementations, self-optimizing code, custom APIs, and domain-specific languages.
Cover the advantages of test driven development, the reasons for pushing it all the way to the browser level, and then explore the options for testing JavaScript, look at some examples, and then integrate the tests into our existing development workflow.
This presentation provided an overview of research being conducted at the Apex Lab at Shanghai Jiao Tong University. It began with introductions to Shanghai Jiao Tong University and the Apex Lab itself. It then discussed the lab's research areas including traditional web search, social web search, semantic web search, and machine learning. Specific projects in each area were briefly described. The presentation concluded with a demo of Hermes, a semantic search engine designed to handle billions of triples from heterogeneous data sources on the open web.
Presentation given at ZendCon 08 and Web 2.0 Expo NYC 2008 by Ben Galbraith and Dion Almaer. The presentation includes a lot of embedded videos and transitions and the slides are meant to support a spoken narrative, not replace it. Still, these are provided by request and I hope they'll be of help.
This document provides an overview of how SpringSource is making it easier for Java and Grails developers to build MongoDB applications. It begins with an introduction to the presenter and agenda. It then provides background on the Spring framework and how Spring Data and MongoDB simplify data access and integration. The document introduces Grails and demonstrates how to use Grails with MongoDB, including examples of domain classes, repositories, and relationships. It concludes by discussing future ideas for tighter integration between Spring and MongoDB.
Creative Coders March 2013 - Introducing Starling FrameworkHuijie Wu
Stage3D was introduced in Flash Player 11 to leverage the GPU for hardware-accelerated 3D rendering. It offloads rendering tasks to the GPU to achieve higher frame rates and more detailed 3D scenes. The Starling framework is a 2D graphics library built on top of Stage3D that provides a familiar display list API. Starling Feathers is an extension that provides reusable UI controls. The Adobe Gaming SDK packages these technologies along with tools to simplify game development.
Jopenmetaverse is a pure java implementation of client of 3D Virtual World Simulator called OpenSim.
You can get the source code from https://bitbucket.org/jchauhan/jopenmetaverse
Django On Jython (for Portland and Boulder Python user groups presentations)Leonardo Soto
The document discusses using Django on the Jython platform. Some key points:
- Jython allows running Python code on the Java Virtual Machine (JVM), compiling Python to Java bytecode. This enables using Java libraries and deploying Python applications on Java application servers.
- Django projects can be packaged and deployed as a WAR (Web ARchive) file, making use of the standard Java web application deployment format.
- Using Django on Jython provides performance and scalability benefits from running on the JVM and ability to integrate with the large Java ecosystem, like databases and libraries.
Javaland 2017: "You´ll do microservices now". Now what?André Goliath
The slides for my talk at JavaLand 2017. Note: The slides are in english, only the title is german. The talk is all about do's and dont's in microservice landscapes.
Android Internals (This is not the droid you’re loking for...)Giacomo Bergami
- The document discusses creating native Android applications using the NDK and cross-compiling C/C++ code to run on Android.
- It provides an example of a simple client-server program written in C that is compiled to run within the Android emulator, without using any Google APIs.
- The key steps are setting up the Android development environment, cross-compiling the C code using the NDK flags and libraries, and running the resulting binary within an Android emulator.
This document discusses Eclipse code recommenders, which leverage collective intelligence in software development. Eclipse code recommenders observe how frameworks are commonly used and extended to provide intelligent code completion, usage-driven Javadocs, code example recommendations, and smart bug detection. They work by mining development data to extract patterns on how frameworks are reused and then surface those recommendations to developers. The system aims to help developers by recommending what others frequently do based on past usage. It analyzes collected data on framework usage to build recommender models and provide suggestions to developers.
Similar to Leveraging Adobe JavaScript Virtual Machine (20)
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Leveraging Adobe JavaScript Virtual Machine
1. Adobe JS
Z Chen
About Adobe
Javascript
Exploits
.
.
Overview
Leveraging Adobe JavaScript Virtual Machine
Try It Out! .
.. .
.
Samples In the
Wild
Zhijie Chen1
1 Engeineering Research Center of Information Security,ICST,PKU
May 15, 2009
JoYAN . . . . . .
2. Contents
Adobe JS
Z Chen
About Adobe
Javascript
.
Exploits . . About Adobe Javascript
1
Overview
Try It Out!
.
Samples In the
Wild . . Exploits Overview
2
.
. . Try It Out!
3
.
. . Samples In the Wild
4
JoYAN 2
3. Contents
Adobe JS
Z Chen
.
About Adobe
Javascript . . About Adobe Javascript
1
Exploits
Overview
Try It Out! .
Samples In the
. . Exploits Overview
2
Wild
.
. . Try It Out!
3
.
. . Samples In the Wild
4
JoYAN 3
4. What can it do?
Adobe JS
Z Chen .
Adobe Javascript .
About Adobe ..
Javascript Adobe JavaScripts can be created for batch processing of multi-
Exploits ple documents, processing within a single document, processing
Overview
for a given page, and processing for a single form field...
Try It Out!
Samples In the Customize the behavior of a particular PDF document.
Wild
Customize Acrobat itself.
Implement security policies.
Interact with databases and web services.
Dynamically alter the appearance of a PDF document
Capture user-entered data from form fields.
Submit those data through SOAP-based Web Services.
. Surpport for online team review.
.. .
JoYAN
.
4
5. Adobe JS Objects
Adobe JS
Z Chen
.
Acrobat JavaScript defines several objects that allow your code.
About Adobe
Javascript
to interact with Acrobat, a PDF document, or form fields within
Exploits
a
. PDF document.
.. .
.
Overview
Try It Out!
.
Object Purpose Object Purpose .
Samples In the
Wild app Acrobat doc PDF document
dbg JavaScript debugger console JavaScript console
global Persistent and cross- util JavaScript utility
document information methods
dialog Adobe Dialog Man- security Encryption and digital
ager (ADM) signatures
SOAP Web Services search Searching and index-
ing
ADBC Database connections event JavaScript events
and queries
.
JoYAN
.. .
.
5
6. Adobe JS
Z Chen
About Adobe
Javascript
Exploits
Overview .
Tools I use for manipulating pdf files .
Try It Out! ..
Samples In the pdftk: PDF toolkit. “If PDF is electronic paper, then pdftk
Wild
is an electronic staple-remover, hole-punch, binder, secret-
decoder-ring, and X-Ray-glasses. ”
. Scribus: Open Source Desktop Publishing.
.. .
.
JoYAN 6
7. Contents
Adobe JS
Z Chen
.
About Adobe
Javascript . . About Adobe Javascript
1
Exploits
Overview
Try It Out! .
Samples In the
. . Exploits Overview
2
Wild
.
. . Try It Out!
3
.
. . Samples In the Wild
4
JoYAN 7
8. Adobe PDF Exploit List
Adobe JS
Z Chen
.
Exlpoits List from Milw0rm .
About Adobe
Javascript
..
Adobe Acrobat Reader 8.1.2 – 9.0 getIcon() Memory Corruption Ex-
Exploits
Overview ploit
Try It Out! Adobe 8.1.4/9.1 customDictionaryOpen() Code Execution Exploit
Samples In the Adobe Reader 8.1.4/9.1 GetAnnots() Remote Code Execution Exploit
Wild
Adobe Acrobat Reader JBIG2 Universal Exploit Bind Shell port 5500
Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit
Adobe Acrobat 9 ActiveX Remote Denial of Service Exploit
Adobe Acrobat Reader <= 8.1.2 Malformed PDF Remote DOS PoC
Adobe Reader plug-in AcroPDF.dll 8.0.0.0 Resource Consumption
Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vulnerability
. Adobe Reader 7.0.8.0 AcroPDF.dll Internet Explorer Denial of Service
.. .
.
JoYAN 8
9. Leveragine Type I
Adobe JS
Z Chen
About Adobe
Javascript
Exploits
Overview
Try It Out!
Samples In the Play with the bugs when invoking a built-in function/method
Wild
within the Javascript context.
Easy to trigger and exploit.
JoYAN 9
10. Adobe 8.1.4/9.1 customDictionaryOpen() Code Execution Exploit
Adobe JS
Z Chen
About Adobe
Javascript
Exploits
Overview
Try It Out!
Samples In the
Wild http://milw0rm.com/exploits/8570
JoYAN 10
11. Adobe Reader 8.1.4/9.1 GetAnnots() Remote Code Execution Exploit
Adobe JS
Z Chen
About Adobe
Javascript
Exploits
Overview
Try It Out!
Samples In the
Wild
http://milw0rm.com/exploits/8569
Not a stack overflow?
JoYAN 11
12. Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit
Adobe JS
Z Chen
About Adobe
Javascript
Exploits
Overview
Try It Out!
Samples In the
Wild
http://milw0rm.com/exploits/7006
http://milw0rm.com/exploits/6994
JoYAN 12
13. Adobe Acrobat Reader 8.1.2 – 9.0 getIcon() Memory Corruption Exploit
Adobe JS
Z Chen .
http://milw0rm.com/exploits/8595 .
About Adobe ..
Javascript Affected Version : Acrobat Reader 8.1.2 - 9.0
Exploits
Overview Tested On : XP SP2 / SP3
Try It Out! Description : This vulnerability allows remote attackers to
Samples In the
Wild
execute arbitrary code on vulnerable installations of Adobe
Acrobat and Adobe Reader. User interaction is required in
that a user must visit a malicious web site or open a mali-
cious file.The specific flaw exists when processing malicious
JavaScript contained in a PDF document. When supply-
ing a specially crafted argument to the getIcon() method of
a Collab object, proper bounds checking is not performed
resulting in a stack overflow.
. Failed to uncompress it :(.
.. .
JoYAN
.
13
14. Leveragine Type II
Adobe JS
Z Chen
About Adobe
Javascript
Exploits
Overview
Try It Out!
Samples In the
Wild
Play with the bugs when parsering a malformed pdf file.
Only use the javascript to perform a heapspray.
JoYAN 14
15. Adobe Acrobat Reader JBIG2 Local Buffer Overflow
Adobe JS
Z Chen
About Adobe
Javascript
Exploits
Overview
Try It Out!
Samples In the
http://vrt-sourcefire.blogspot.com/2009/02/have-nice-weekend-pdf-love.h
Wild
http://milw0rm.com/exploits/8099
http://milw0rm.com/exploits/8280
JoYAN 15
16. Leveragine Type III
Adobe JS
Z Chen
.
About Adobe Play with the urls. .
Javascript
Exploits I don’t know whether it works in the browser context or pdf reader
Overview
context..
Try It Out!
Samples In the Adobe PDF Reader plug-in AcroPDF.dll ver. 8.0.0.0 Resource
Wild
Consumption:http://milw0rm.com/exploits/3430
Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vul-
nerability:http://milw0rm.com/exploits/3084
Adobe Reader 7.0.8.0 AcroPDF.dll Internet Explorer Denial of
Service:http://milw0rm.com/exploits/3040
Adobe Acrobat 9 ActiveX Remote Denial of Service Ex-
. ploit:http://milw0rm.com/exploits/6424
.. .
.
JoYAN 16
17. To be continued...
Adobe JS
Z Chen
About Adobe
Javascript
Exploits
Overview
Try It Out! .
Those I can’t RE them: .
Samples In the ..
Wild
. ..
1 Adobe Acrobat Reader <= 8.1.2 Reader Remote Denial Of
. Service:http://milw0rm.com/exploits/5687, Overflow?
.. .
.
JoYAN 17
18. Contents
Adobe JS
Z Chen
.
About Adobe
Javascript . . About Adobe Javascript
1
Exploits
Overview
Try It Out! .
Samples In the
. . Exploits Overview
2
Wild
.
. . Try It Out!
3
.
. . Samples In the Wild
4
JoYAN 18
19. Try it out!
Adobe JS
Z Chen
About Adobe
Javascript
Exploits
Overview
.
Try It Out! Adobe Reader util.printf() JavaScript Function Stack Over-.
Samples In the
Wild
flow Exploit
..
http://milw0rm.com/exploits/7006
. http://milw0rm.com/exploits/6994
.. .
.
JoYAN 19
20. Contents
Adobe JS
Z Chen
.
About Adobe
Javascript . . About Adobe Javascript
1
Exploits
Overview
Try It Out! .
Samples In the
. . Exploits Overview
2
Wild
.
. . Try It Out!
3
.
. . Samples In the Wild
4
JoYAN 20
21. Sample in the wild
Adobe JS
Z Chen
About Adobe
Javascript
Exploits
Overview
Try It Out!
.
Samples In the 50.2 .
Wild ..
hxxp://172.31.25.229/acroPDF.htm
.
.. .
.
JoYAN 21
22. Adobe JS
Z Chen
About Adobe
Javascript
Exploits
Overview
Try It Out!
.
Samples In the
Wild
..
Thank you ! .
.. .
.
JoYAN 22