Adobe Form Designer and Advanced Form Client contain multiple ActiveX buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The Adobe Form Designer and Advanced Form Client software provide multiple ActiveX controls. The Adobe File Dialog Button Control, which is provided by FileDlg.dll, and the Adobe Copy to Server Object, which is provided by SvrCopy.dll, contain buffer overflow vulnerabilities. The 5.0 versions of the Designer and Client software appear to be vulnerable.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.
Apply an update
Please apply the update specified in Adobe Security Bulletin APSB08-09. If you are unable to apply an update, please consider the following workarounds:
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
|Date First Published:||2008-03-12|
|Date Last Updated:||2009-04-13 17:17 UTC|