A vulnerability in various UNIX and Linux PDF viewers/readers may allow remote attackers to execute arbitrary commands on your system.
Adobe Systems Incorporated describes PDF (Portable Document Format) as "a universal file format that preserves the fonts, images, graphics, and layout of any source document, regardless of the application and platform used to create it." A viewer such as Adobe Reader or Xpdf is needed to view a document encoded in PDF. Various PDF viewers are widely deployed on the Internet. Quoting from the Adobe Systems Incorporated web site:
Governments and enterprises around the world have adopted PDF to streamline document management, increase productivity, and reduce reliance on paper.... An open file format specification, PDF is available to anyone who wants to develop tools to create, view, or manipulate PDF documents. Indeed, more than 1,800 vendors offer PDF-based solutions, ensuring that organizations that adopt the PDF standard have a variety of tools to leverage the Portable Document Format and to customize document processes.
A remote attacker may be able to execute arbitrary commands with the privileges of the victim.
Apply a patch when available.
Adobe Systems Incorporated Affected
Red Hat Inc. Affected
Sun Microsystems Inc. Affected
Apple Computer Inc. Not Affected
Fujitsu Not Affected
Hitachi Not Affected
Ingrian Networks Not Affected
Microsoft Corporation Not Affected
NEC Corporation Not Affected
Nortel Networks Not Affected
Xerox Corporation Not Affected
Cisco Systems Inc. Unknown
Computer Associates Unknown
Cray Inc. Unknown
D-Link Systems Unknown
Data General Unknown
Extreme Networks Unknown
F5 Networks Unknown
Foundry Networks Inc. Unknown
Hewlett-Packard Company Unknown
IBM eServer Unknown
Juniper Networks Unknown
Lotus Software Unknown
Lucent Technologies Unknown
MontaVista Software Unknown
Multi-Tech Systems Inc. Unknown
Network Appliance Unknown
Openwall GNU/*/Linux Unknown
Redback Networks Inc. Unknown
Riverstone Networks Unknown
Sony Corporation Unknown
SuSE Inc. Unknown
Wind River Systems Inc. Unknown
This vulnerability was discovered by Martyn Gilmore. The CERT/CC thanks Martyn, Adobe, and the folks responsible for the Xpdf project.
This document was written by Ian A Finlay.
Date First Published: 2003-06-18
Date Last Updated: 2003-09-26 15:44 UTC