Security Advisory: Acrobat and Adobe Reader plug-in buffer overflow

Release Date: August 16th, 2005

Products: Adobe Reader 5.1, 6.0-6.0.3, 7.0-7.0.2, Adobe Acrobat 5.0-5.0.5, 6.0-6.0.3, 7.0-7.0.2

Platform: Windows, Mac OS, Linux, Solaris

Vulnerability Identifier: CVE-2005-2470

Overview: Adobe has discovered a buffer overflow in Adobe Acrobat and Adobe Reader. This issue has been addressed and a product update is available to proactively mitigate potential malicious activity. Adobe always recommends that users keep their systems up to date, and install the latest update of these applications.

Effect: If the vulnerability were successfully exploited, the application could crash with an increased risk of arbitrary code execution.

Details: The identified vulnerability is a buffer overflow within a core application plug-in, which is part of Adobe Acrobat and Adobe Reader. If a malicious file were opened, it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat or Adobe Reader. A buffer overflow can cause the application to crash and increase the risk of malicious code execution.

Recommendations:

Adobe Reader on Windows or Mac OS:

-- For versions 7.0-7.0.2, users should utilize the product's automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and an update can be manually activated by choosing Help > Check For Updates Now. Alternatively, the 7.0.3 update files can be manually downloaded and installed from: www.adobe.com/support/downloads

-- For versions prior to 7.0, Adobe strongly recommends upgrading to Adobe Reader 7.0.3, available from the following site, along with the update procedure described above: www.adobe.com/products/acrobat/readstep2.html

The remainder of the advisory is located at https://www.adobe.com/support/techdocs/321644.html