[NT] Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability
From: SecuriTeam (support_at_securiteam.com)
Date: 07/12/04
To: list@securiteam.com Date: 12 Jul 2004 18:31:57 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability
------------------------------------------------------------------------
SUMMARY
Adobe Reader (http://www.adobe.com/) is "a program used to display
Portable Document Format (PDF) documents". Exploitation of a buffer
overflow vulnerability in Adobe Reader 6.0 allows remote attackers to
execute arbitrary code.
DETAILS
Vulnerable Systems:
* Adobe Acrobat Reader version 6.0.1
Immune Systems:
* Adobe Acrobat Reader version 6.0.2
The problem specifically exists within a routine that is responsible for
splitting the filename path into multiple components. Due to a parsing
error involving NULL characters, an attacker can force Adobe Reader to
open a file containing an unhandled file extension. If an overly long
extension is supplied, a stack-based overflow occurs.
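An added illustration of the bug class described above, not Adobe's code and not part of the original advisory: a filename splitter that takes a counted string, rejects embedded NUL bytes, and checks the extension length before copying into a fixed-size buffer. The function and type names, the 16-byte limit and the sample name are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EXT_MAX 16 /* assumed limit for this example */
enum split_status { SPLIT_OK, SPLIT_BAD_ARG, SPLIT_EMBEDDED_NUL, SPLIT_EXT_TOO_LONG };

struct path_parts {
    size_t base_len;         /* bytes of the name before the final '.' */
    char   ext[EXT_MAX + 1]; /* NUL-terminated extension, dot not included */
};

/* The name is a counted string (pointer + length), as it would come out of
 * a document, so a NUL byte inside it is visible to the parser. */
enum split_status split_filename(const char *name, size_t name_len,
                                 struct path_parts *out)
{
    if (name == NULL || out == NULL) return SPLIT_BAD_ARG;
    memset(out, 0, sizeof *out);
    /* An embedded NUL makes C-string code see a shorter name than this
     * parser does; refuse the name instead of guessing which view wins. */
    if (memchr(name, '\0', name_len) != NULL) return SPLIT_EMBEDDED_NUL;

    size_t dot = name_len; /* name_len means "no extension found" */
    for (size_t i = name_len; i > 0; i--) {
        char c = name[i - 1];
        if (c == '/' || c == '\\') break; /* stay in the last component */
        if (c == '.') { dot = i - 1; break; }
    }
    out->base_len = dot;
    if (dot == name_len) return SPLIT_OK;

    /* The length check comes before the copy into the fixed-size buffer. */
    size_t ext_len = name_len - dot - 1;
    if (ext_len > EXT_MAX) return SPLIT_EXT_TOO_LONG;
    memcpy(out->ext, name + dot + 1, ext_len);
    return SPLIT_OK; /* the memset above already NUL-terminated ext */
}

int main(void)
{
    /* Constructed sample: a counted name with a NUL byte in the middle. */
    static const char name[] = "a.pdf\0.xyz";
    struct path_parts p;
    printf("%d\n", (int)split_filename(name, sizeof name - 1, &p));
    return 0;
}
```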
Analysis:
Successful exploitation allows an attacker to execute arbitrary code under
the privileges of the local user. Remote exploitation is possible by
sending a specially crafted e-mail and attaching the malicious PDF
document.
Vendor response:
Coordinated public disclosure of this vulnerability did not occur.
According to Adobe, the vulnerability was patched on June 7, 2004 when
Adobe Reader 6.0.2 was released. A vendor security advisory was not
released but the following statement was included in a change log
(http://www.adobe.com/support/techdocs/34222.htm) detailing the changes
included in the 6.0.2 update:
"Security update to further restrict malicious code execution."
Adobe's official response is below:
"Adobe Systems Incorporated recommends that users update to the latest
release of Adobe Acrobat and the free Adobe Reader, version 6.0.2.
Instructions and further information is available at:
http://www.adobe.com/support/techdocs/34222.htm."
CVE Information:
CAN-2004-0632 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0632)
Disclosure timeline:
02/02/2003 Exploit discovered by iDEFENSE
03/11/2004 Initial vendor notification
03/11/2004 Initial vendor response
03/11/2004 iDEFENSE clients notified
06/07/2004 Vendor update released
07/12/2004 Public Disclosure
ADDITIONAL INFORMATION
The information has been provided by Greg MacManus (iDEFENSE Labs),
idlabs-advisories@idefense.com.
The original article can be found at:
http://www.idefense.com/application/poi/display?id=116&type=vulnerabilities