Adobe Acrobat Multiple Vulnerabilities

Bugtraq ID:	21155
Class:	Access Validation Error
CVE:	CVE-2006-6027
Remote:	Yes
Local:	No
Published:	Nov 17 2006 12:00AM
Updated:	Dec 06 2006 10:49PM
Credit:	Michal Bucko is credited with the discovery of these issues.
Vulnerable:	Adobe Reader 7.0.8 Adobe Reader 7.0.7 Adobe Reader 7.0.6 Adobe Reader 7.0.5 Adobe Reader 7.0.4 Adobe Reader 7.0.3 Adobe Reader 7.0.2 Adobe Reader 7.0.1 Adobe Reader 7.0 Adobe Acrobat Standard 7.0.8 Adobe Acrobat Standard 7.0.7 Adobe Acrobat Standard 7.0.6 Adobe Acrobat Standard 7.0.5 Adobe Acrobat Standard 7.0.4 Adobe Acrobat Standard 7.0.3 Adobe Acrobat Standard 7.0.2 Adobe Acrobat Standard 7.0.1 Adobe Acrobat Standard 7.0 Adobe Acrobat Professional 7.0.8 Adobe Acrobat Professional 7.0.7 Adobe Acrobat Professional 7.0.6 Adobe Acrobat Professional 7.0.5 Adobe Acrobat Professional 7.0.4 Adobe Acrobat Professional 7.0.3 Adobe Acrobat Professional 7.0.2 Adobe Acrobat Professional 7.0.1 Adobe Acrobat Professional 7.0
Not Vulnerable:	Adobe Reader 8.0 Adobe Acrobat Standard 8.0 Adobe Acrobat Professional 8.0

Adobe Acrobat Multiple Vulnerabilities

Adobe Acrobat is prone to multiple vulnerabilities. These errors have been confirmed to occur when Reader is invoked by Internet Explorer; other occurrences may exist.

Attackers can exploit these issues to cause denial-of-service conditions on a victim computer.

The vendor has confirmed that one of these issues may lead to arbitrary code execution.

Adobe Acrobat Multiple Vulnerabilities

To exploit this vulnerability, an attacker must entice a victim user to access a malicious file.

The following proof-of-concept exploit is available:

• /data/vulnerabilities/exploits/21155-AcroPDF_DoS.html

Adobe Acrobat Multiple Vulnerabilities

Solution:
The vendor has released an advisory along with fixes to address these issues. Please see the referenced advisory for information on obtaining and applying fixes.

Adobe Acrobat Multiple Vulnerabilities

References:

• Adobe Reader Download Page (Adobe)
  
• APSA06-02 - Potential vulnerabilities in Adobe Reader and Acrobat (Adobe)
  
• APSB06-20 - Update available for potential vulnerabilities in Adobe Reader and A (Adobe)