Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulnerability
BID:9802
Info
Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulnerability
| Bugtraq ID: | 9802 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 04 2004 12:00AM |
| Updated: | Mar 04 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to David Litchfield <[email protected]>. |
| Vulnerable: |
Adobe Reader 5.1 |
| Not Vulnerable: | |
Discussion
Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulnerability
Acrobat Reader has been reported to be prone to a buffer overflow vulnerability. According to the report, the overflow occurs when a user views a malicious XFDF document.
Due to the nature of this vulnerability an attacker may potentially leverage the issue to corrupt values that crucial to controlling program execution flow, if this is the case it is conjectured that this issue may be exploitable to execute arbitrary instructions in the context of the affected software.
Acrobat Reader has been reported to be prone to a buffer overflow vulnerability. According to the report, the overflow occurs when a user views a malicious XFDF document.
Due to the nature of this vulnerability an attacker may potentially leverage the issue to corrupt values that crucial to controlling program execution flow, if this is the case it is conjectured that this issue may be exploitable to execute arbitrary instructions in the context of the affected software.
Exploit / POC
Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulnerability
Solution:
It has been reported that this issue is addressed in the latest version of Adobe Reader, this however has not yet been confirmed. Latest versions of Adobe products can be found at the following location:
http://www.adobe.com/support/downloads/main.html
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It has been reported that this issue is addressed in the latest version of Adobe Reader, this however has not yet been confirmed. Latest versions of Adobe products can be found at the following location:
http://www.adobe.com/support/downloads/main.html
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulnerability
References:
References:
- Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability (David Litchfield
- Adobe Homepage (Adobe)
- Adobe Reader Download Page (Adobe)
- NGSSoftware Homepage (NGSSoftware)
- Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability ("NGSSoftware Insight Security Research"