View full version: Adobe Acrobat Reader ActiveX Control Buffer Overflow Vulnerability


Giorgius
17-08-2004, 12.17.48
Effects:
Rafel Ivgi has reported a vulnerability in Adobe Acrobat Reader, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "pdf.ocx" ActiveX component supplied with Adobe Acrobat Reader. This can e.g. be exploited via a malicious website using a specially crafted URL to potentially execute arbitrary code.

Example:
http://[host]/[directory]/[existing_pdf].pdf%00[long_string]

NOTE: This only works on servers that truncate the URL before the "%00" sequence (e.g. IIS and Netscape Enterprise).

The vulnerability has been reported in version 5.0.5. Other versions may also be affected.

Info:
http://secunia.com/advisories/12303/
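
A defensive check for the URL pattern described above, added here as an example (it is not part of the original post or of the Secunia advisory): it scans proxy access-log lines for requests where `.pdf%00` is followed by a long trailing string. The log format, the sample lines and the 256-character threshold are assumptions; the advisory does not state a length.

```python
import re

# Assumed threshold: the advisory gives no length for [long_string].
MIN_TRAILING_LEN = 256

# Request line of a common-log-format proxy entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# ".pdf" immediately followed by an encoded NUL, then whatever trails it.
PDF_NUL = re.compile(r"\.pdf%00(.*)$", re.IGNORECASE)


def scan(lines, min_len=MIN_TRAILING_LEN):
    """Return (line_no, url_up_to_pdf, trailing_len) for suspicious requests."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        req = REQUEST.search(line)
        if not req:
            continue  # not a request line we understand
        url = req.group(1)
        match = PDF_NUL.search(url)
        if match and len(match.group(1)) >= min_len:
            # Keep only the part up to ".pdf"; the trailing data is not echoed.
            hits.append((line_no, url[:match.start() + 4], len(match.group(1))))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Aug/2004:12:01:02 +0200] '
    '"GET http://intranet.example/docs/manual.pdf HTTP/1.0" 200 48211',
    '192.0.2.11 - - [17/Aug/2004:12:03:40 +0200] '
    '"GET http://files.example/a/report.pdf%00' + "x" * 1024 + ' HTTP/1.0" 200 9120',
    '192.0.2.12 - - [17/Aug/2004:12:05:09 +0200] '
    '"GET http://files.example/a/report.PDF%00v2 HTTP/1.0" 200 9120',
]

if __name__ == "__main__":
    for line_no, url, trailing in scan(SAMPLE_LOG):
        print(f"line {line_no}: {url} followed by %00 and {trailing} characters")
```

Lowering `min_len` also surfaces short `%00` suffixes such as the third sample line, which can be reviewed separately.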