Adobe Reader/Acrobat Lets Remote Users Execute Arbitrary Applications

SecurityTracker Alert ID: 1014318
SecurityTracker URL: http://securitytracker.com/id?1014318
CVE Reference: CAN-2005-1623
Date: Jun 28 2005
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: Adobe Advisory
Version(s): Adobe Acrobat and Adobe Reader 7.0 and 7.0.1

Description: A vulnerability was reported in Adobe Reader and Adobe Acrobat. A remote user may be able to execute arbitrary applications on the target user's system.

A remote user can create a PDF file embedded with specially crafted JavaScript. When the PDF file is opened by the target user, the scripting code can launch applications with known pathnames and filenames. The applications will run with the privileges of the target user.

The vendor credits Aandi Inston with reporting this vulnerability.

Impact: A remote user may be able to execute arbitrary applications on the target user's system with the privileges of the target user.

Solution: The vendor has issued a fixed version (7.0.2), available at:
http://www.adobe.com/support/downloads/

Vendor URL: www.adobe.com/support/techdocs/331709.html
Cause: Access control error
Underlying OS: UNIX (OS X)

Message History:
None.

Source Message Contents

Date: Tue, 28 Jun 2005 03:29:51 -0400
Subject: http://www.adobe.com/support/techdocs/331709.html
> Arbitrary application execution from a malicious PDF document (Mac OS)
>
> Advisory Name: Arbitrary application execution from a malicious PDF document
>
> Release Date: June 27th, 2005
>
> Product: Adobe Reader 7.0 and 7.0.1, Adobe Acrobat 7.0 and 7.0.1
>
> Platform: Mac OS
>
> Vulnerability Identifier: CAN-2005-1623