Vulnerability Note VU#896220
Adobe Acrobat contains a remotely exploitable buffer overflow
OverviewA buffer overflow in Adobe Acrobat/Acrobat Reader may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition
I. DescriptionAdobe Acrobat is a suite of applications that allow users to manipulate PDF (Portable Document Format) files. A buffer within a core plug-in for Adobe Acrobat and Acrobat Reader can be overwritten using a specially-crafted PDF document.
For more information refer to Adobe Security Advisory 321644.
II. ImpactIf a remote attacker can persuade a user to access a specially crafted PDF file, that attacker may be able to execute arbitrary code or crash the Adobe Acrobat/Acrobat Reader process.
III. SolutionUpgrade to unaffected version
Upgrade to unaffected versions of Adobe Acrobat and Acrobat Reader. For a list of unaffected versions please see Adobe Security Advisory 321644.
Do not accept PDF files from untrusted sources
Exploitation occurs by accessing a specially crafted PDF file. By only accessing PDF files from trusted or known sources, the chances of exploitation are reduced.
Systems Affected
References
http://www.adobe.com/support/techdocs/321644.html
Credit
This vulnerability was reported by Adobe Systems.
This document was written by Jeff Gennari.
Other Information
| Date Public | 08/16/2005 |
| Date First Published | 08/16/2005 02:33:49 PM |
| Date Last Updated | 09/08/2005 |
| CERT Advisory | |
| CVE Name | CAN-2005-2470 |
| Metric | 12.91 |
| Document Revision | 38 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
