Adobe Acrobat / Reader Plug-in Buffer Overflow Vulnerability

Started by Corrine, August 18, 2005, 01:02:34 AM

Corrine

TITLE:  Adobe Acrobat / Reader Plug-in Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:  SA16466
RELEASE DATE:  2005-08-16
LAST UPDATE:  2005-08-17
VERIFY ADVISORY:  http://secunia.com/advisories/16466/

CRITICAL:  Highly critical
WHERE:  From remote
IMPACT:  System access

SOFTWARE: 
Adobe Acrobat 5.x
Adobe Acrobat 6.x
Adobe Acrobat 7.x
Adobe Acrobat Reader 5.x
Adobe Reader 6.x
Adobe Reader 7.x

DESCRIPTION:  A vulnerability has been reported in Adobe Reader and Adobe Acrobat, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified boundary error in the core application plug-in and can be exploited to cause a buffer overflow when a specially crafted file is opened.

Successful exploitation may allow execution of arbitrary code.


SOLUTION:  Install updated version.

Adobe Reader (Windows or Mac OS):  Update to version 7.0.3 or 6.0.4.
Adobe Reader (Linux or Solaris):  Update to version 7.0.1.
Adobe Acrobat (Windows or Mac OS):  Update to version 7.0.3, 6.0.4, or 5.0.10.


REPORTED BY CREDITS:  Reported by vendor.
CHANGELOG:  2005-08-17: Added link to US-CERT vulnerability note.
ORIGINAL ADVISORY:  Adobe:  http://www.adobe.com/support/techdocs/321644.html

OTHER REFERENCES:  US-CERT VU#896220:  http://www.kb.cert.org/vuls/id/896220


Source:  http://secunia.com/advisories/16466/


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.