Tuesday, August 16, 2005

Adobe Acrobat and Reader Plug-in Buffer Overflow Vulnerability

Via FrSIRT.

FrSIRT Advisory: FrSIRT/ADV-2005-1434
CVE Reference: CVE-2005-2470
Rated as: Critical
Remotely Exploitable: Yes
Locally Exploitable: Yes
Release Date: 2005-08-16

Technical description:

A vulnerability was identified in Adobe Acrobat and Adobe Reader, which could be exploited by attackers to execute arbitrary commands. This flaw is due to an unspecified buffer overflow error in the core application plug-in, which could be exploited by attackers to take complete control of an affected system by convincing a user to read a specially crafted PDF document.

* Affected Products *

Adobe Reader versions 7.0 through 7.0.2
Adobe Reader versions 6.0 through 6.0.3
Adobe Reader 5.1

Adobe Acrobat versions 7.0 through 7.0.2
Adobe Acrobat versions 6.0 through 6.0.3
Adobe Acrobat 5.1

* Solution *

Adobe Reader (Windows or Mac OS) - Upgrade to version 7.0.3 or 6.0.4
Adobe Reader (Linux or Solaris) - Upgrade to version 7.0.1
Adobe Acrobat (Windows or Mac OS) - Upgrade to version 7.0.3, 6.0.4, or 5.0.10
