[Vulnerable] Adobe Acrobat / Reader File Extension

13/07/2004 - 22:20 por Ille Corvus | Informe spam
Adobe Acrobat / Reader File Extension Buffer Overflow Vulnerability
http://secunia.com/advisories/12053/


Secunia Advisory: SA12053
Release Date: 2004-07-13

Critical: Moderately critical
Impact: System access
Where: From remote

Software: Adobe Acrobat 6.x
Adobe Reader 6.x

Choose a product and view comprehensive vulnerability statistics and
all Secunia advisories affecting it.

CVE reference: CAN-2004-0632

Description:
Greg MacManus has discovered a vulnerability in Adobe Acrobat /
Reader, which potentially can be exploited by malicious people to
compromise a user's system.

The vulnerability is caused due to a parsing and boundary error when
splitting filename paths into components. This causes a stack-based
buffer overflow when opening a file with an overly long, unhandled
file extension.

Successful exploitation requires that a user is tricked into opening a
malicious PDF document.

Solution:
Update to version 6.0.2.
http://www.adobe.com/support/techdocs/34222.htm

Provided and/or discovered by:
Greg MacManus, iDEFENSE.

Original Advisory:
http://www.idefense.com/applicat...?id6&type=vulnerabilities



Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


«Prefiero molestar con la verdad que complacer con adulaciones (Lucio Anneo Seneca)»
 

Leer las respuestas

#1 CUBE
14/07/2004 - 03:07 | Informe spam
Si quieres postear todas las parrafadas que postéas, al menos tradúcelas al
español. No sé si la jerarquía «es.» te dice algo.

No creo que sea normal que el 23% de los mensajes de
es.comp.os.ms-windows.misc sean tuyos, eso en mi pueblo se llama reventar el
grupo.



"Ille Corvus" escribió en el mensaje
news:
Adobe Acrobat / Reader File Extension Buffer Overflow Vulnerability
http://secunia.com/advisories/12053/


Secunia Advisory: SA12053
Release Date: 2004-07-13

Critical: Moderately critical
Impact: System access
Where: From remote

Software: Adobe Acrobat 6.x
Adobe Reader 6.x

Choose a product and view comprehensive vulnerability statistics and
all Secunia advisories affecting it.

CVE reference: CAN-2004-0632

Description:
Greg MacManus has discovered a vulnerability in Adobe Acrobat /
Reader, which potentially can be exploited by malicious people to
compromise a user's system.

The vulnerability is caused due to a parsing and boundary error when
splitting filename paths into components. This causes a stack-based
buffer overflow when opening a file with an overly long, unhandled
file extension.

Successful exploitation requires that a user is tricked into opening a
malicious PDF document.

Solution:
Update to version 6.0.2.
http://www.adobe.com/support/techdocs/34222.htm

Provided and/or discovered by:
Greg MacManus, iDEFENSE.

Original Advisory:
http://www.idefense.com/applicat...?id6&type=vulnerabilities



Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


«Prefiero molestar con la verdad que complacer con adulaciones (Lucio


Anneo Seneca)»

Preguntas similares