SecurityTracker.com
Category:   Application (Generic)  >   Adobe Acrobat/Reader
Vendors:   Adobe Systems Incorporated
Adobe Reader Buffer Overflow in UnixAppOpenFilePerform() May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1014390
SecurityTracker URL:  http://securitytracker.com/id/1014390
CVE Reference:   CVE-2005-1625
Updated:  Jul 5 2005
Original Entry Date:  Jul 5 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.0.9, 5.0.10
Description:   A buffer overflow vulnerability was reported in Adobe Reader, affecting Linux/UNIX systems. A remote user can execute arbitrary code.

A remote user can create a specially crafted PDF file that, when opened by the target user with Adobe Reader, will trigger a stack overflow in the Adobe Reader control and potentially execute arbitrary code. The code will run with the privileges of the target user.

The vulnerability resides in the UnixAppOpenFilePerform() function. A document containing a '/Filespec' tag can trigger the overflow.

The vendor was notified on May 12, 2005.

iDEFENSE Labs discovered this vulnerability.

Impact:   A remote user can cause arbitrary code to be executed by the target user's Adobe Reader application with the privileges of the target user.
Solution:   The vendor has issued a fixed version (5.0.11, 7.0).

Users of Adobe Reader 5.0.9 or 5.0.10 on Linux or Solaris can download Adobe Reader 7.0, available at:

http://www.adobe.com/products/acrobat/readstep2.html

Users of Adobe Reader 5.0.9 or 5.0.10 on IBM-AIX or HP-UX can download Adobe Reader 5.0.11, available at:

http://www.adobe.com/products/acrobat/readstep2.html

Vendor URL:  www.adobe.com/support/techdocs/329083.html
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 8 2005 (Red Hat Issues Fix) Adobe Reader Buffer Overflow in UnixAppOpenFilePerform() May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for Red Hat Enterprise Linux Extras.


