Vulnerability Note VU#253024

Adobe Acrobat Reader for UNIX contains a buffer overflow in mailListIsPdf()

Original Release date: 20 Jan 2005 | Last revised: 09 Mar 2005

Overview

A buffer overflow in Adobe Acrobat Reader for UNIX could allow a remote attacker to execute arbitrary code.

Description

Adobe Acrobat Reader is an application that allows users to view PDF (Portable Document Format) files. Acrobat Reader for UNIX (Linux, Sun Solaris SPARC, IBM AIX, or HP-UX) contains a buffer overflow in the mailListIsPdf() function. This function determines if the specified input file is an email message containing a PDF attachment. When parsing the email message, this function unsafely copies user-supplied data to a fixed size buffer.

Impact

An attacker could execute arbitrary code with privileges of the local user. Remote exploitation could be possible by attaching a specially crafted PDF to an email message.

Solution

Upgrade Acrobat Reader

This issue is resolved in Acrobat Reader 5.0.10 for UNIX.


Patch acroread shell script

The iDEFENSE Security Advisory 12.14.04 contains an unofficial patch for the acroread shell script. According to the advisory, this patch verifies that the files passed to the Acrobat Reader application are PDF documents.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Adobe Systems IncorporatedAffected15 Dec 200415 Dec 2004
FreeBSDAffected05 Jan 200506 Jan 2005
GentooAffected-06 Jan 2005
RedhatAffected05 Jan 200506 Jan 2005
SuSE Inc.Affected05 Jan 200506 Jan 2005
Apple Computer Inc.Not Affected05 Jan 200524 Feb 2005
DebianNot Affected05 Jan 200505 Jan 2005
HitachiNot Affected05 Jan 200518 Jan 2005
NEC CorporationNot Affected05 Jan 200509 Mar 2005
ConectivaUnknown05 Jan 200505 Jan 2005
Cray Inc.Unknown05 Jan 200505 Jan 2005
EMC CorporationUnknown05 Jan 200505 Jan 2005
EngardeUnknown05 Jan 200505 Jan 2005
F5 NetworksUnknown05 Jan 200505 Jan 2005
FujitsuUnknown05 Jan 200505 Jan 2005
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported by Greg MacManus.

This document was written by Will Dormann, based on the information provided in the iDEFENSE Security Advisory 12.14.04 .

Other Information

  • CVE IDs: CAN-2004-1152
  • Date Public: 14 Dec 2004
  • Date First Published: 20 Jan 2005
  • Date Last Updated: 09 Mar 2005
  • Severity Metric: 1.02
  • Document Revision: 7

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.