Security Advisory: Acrobat and Adobe Reader plug-in buffer overflow


Release Date: August 16th, 2005



Products: Adobe Reader 5.1, 6.0-6.0.3, 7.0-7.0.2, Adobe Acrobat 5.0-5.0.5, 6.0-6.0.3, 7.0-7.0.2


Platform: Windows, Mac OS, Linux, Solaris


Vulnerability Identifier: CVE-2005-2470


Overview: Adobe has discovered a buffer overflow in Adobe Acrobat and Adobe Reader. This issue has been addressed and a product update is available to proactively mitigate potential malicious activity. Adobe always recommends that users keep their systems up to date, and install the latest update of these applications.


Effect: If the vulnerability were successfully exploited, the application could crash with an increased risk of arbitrary code execution.


Details: The identified vulnerability is a buffer overflow within a core application plug-in, which is part of Adobe Acrobat and Adobe Reader. If a malicious file were opened it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat and Adobe Reader. A buffer overflow can cause the application to crash and increase the risk of malicious code execution.


Recommendations:


Adobe Reader on Windows or Mac OS:


— For versions 7.0-7.0.2, users should use the product’s automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and an update check can be started manually by choosing Help > Check For Updates Now. Alternatively, the 7.0.3 update files can be manually downloaded and installed from: www.adobe.com/support/downloads.


— For versions prior to 7.0, Adobe strongly recommends upgrading to Adobe Reader 7.0.3, available from the following site, along with the update procedure described above: www.adobe.com/products/acrobat/readstep2.html


The remainder of the advisory is located at http://www.adobe.com/support/techdocs/321644.html


Comments (1)

  1. Nice site says:

    Your site is really very interesting.