Adobe Acrobat / Reader File Extension Buffer Overflow Vulnerability
http://secunia.com/advisories/12053/
Secunia Advisory: SA12053
Release Date: 2004-07-13
Critical: Moderately critical
Impact: System access
Where: From remote
Software: Adobe Acrobat 6.x, Adobe Reader 6.x
CVE reference: CAN-2004-0632
Description:
Greg MacManus has discovered a vulnerability in Adobe Acrobat /
Reader, which can potentially be exploited by malicious people to
compromise a user's system.
The vulnerability is caused by a parsing and boundary error when
splitting filename paths into components. This results in a stack-based
buffer overflow when a file with an overly long, unhandled file
extension is opened.
Successful exploitation requires that a user is tricked into opening a
malicious PDF document.
Solution:
Update to version 6.0.2.
http://www.adobe.com/support/techdocs/34222.htm
Provided and/or discovered by:
Greg MacManus, iDEFENSE.
Original Advisory:
http://www.idefense.com/applicat...?id6&type=vulnerabilities
Deserving of Filtering (Global Kill-File):
tella llop, jm (N.B. 2003.10.25)
«I prefer to annoy with the truth than to please with flattery (Lucio Anneo Seneca)»
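The boundary error described in the advisory above, splitting a path into components and copying the extension without a length check, is avoided by measuring the component before copying it. The following C sketch is an added example, not Adobe's code and not part of the Secunia or iDEFENSE advisories; the names `find_ext`, `split_ext` and the limit `EXT_MAX` are hypothetical, since the advisory gives no buffer sizes.

```c
#include <stddef.h>
#include <string.h>

#define EXT_MAX 16  /* assumed limit for this sketch; the advisory gives no sizes */

/* Unsafe pattern, shown only as a comment (not Adobe's code):
 *     char ext[EXT_MAX];
 *     strcpy(ext, strrchr(path, '.') + 1);    length never checked
 */

/* Return a pointer to the extension inside path (the text after the last
 * '.' of the final path component), or NULL if there is none. */
static const char *find_ext(const char *path)
{
    const char *base = path, *dot = NULL;
    for (const char *p = path; *p; p++) {
        if (*p == '/' || *p == '\\') { base = p + 1; dot = NULL; }
        else if (*p == '.')          { dot = p; }
    }
    /* A leading dot (".profile") or a trailing dot is not an extension. */
    if (dot == NULL || dot == base || dot[1] == '\0')
        return NULL;
    return dot + 1;
}

/* Copy the extension into out (capacity out_len, including the NUL).
 * Returns 0 on success, 1 if the path has no extension, and -1 if the
 * extension does not fit: it is rejected rather than truncated. */
int split_ext(const char *path, char *out, size_t out_len)
{
    if (path == NULL || out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    const char *ext = find_ext(path);
    if (ext == NULL)
        return 1;
    size_t n = strlen(ext);
    if (n >= out_len)          /* check the length before any copy */
        return -1;
    memcpy(out, ext, n + 1);   /* n + 1 also copies the terminating NUL */
    return 0;
}
```

Rejecting an over-long extension instead of truncating it keeps the caller from acting on a file type that differs from the one actually named.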