Vulnerability Note VU#448569
Adobe Download Manager buffer overflow
Adobe Download Manager contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to run arbitrary code with the privileges of the affected user or cause a denial-of-service condition.
Adobe Download Manager (ADM)
ADM is a utility that Adobe provides to aid in downloading Adobe software. ADM is included with the download of numerous Adobe products including, but not limited to, Adobe Reader. More information on ADM is available at the About Download Manager website.
A remote unauthenticated attacker may be able to execute arbitrary code by convincing a user to open a specially crafted AOM file. This can be achieved by creating a specially crafted web page or other HTML document that may launch ADM without any user interaction.
Uninstall Adobe Download Manager
Attackers may host malicious AOM files on web sites. In order to convince users to visit their sites, those attackers often use a variety of techniques to create misleading links including URL encoding, IP address variations, long URLs, and intentional misspellings. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Adobe||Affected||-||07 Dec 2006|
CVSS Metrics (Learn More)
This issue was reported in Adobe Security bulletin APSB06-19. Adobe credits Zero Day Initiative and eEye Digital Security for reporting this vulnerability.
This document was written by Chris Taschner.
- CVE IDs: CVE-2006-5856
- Date Public: 06 Dec 2006
- Date First Published: 07 Dec 2006
- Date Last Updated: 07 Dec 2006
- Severity Metric: 4.62
- Document Revision: 26
If you have feedback, comments, or additional information about this vulnerability, please send us email.