Info

Disclosure

Jul 12, 2004

Discovery

Feb 02, 2004

Dates

Exploit

Unknown

Solution

Jun 07, 2004

Description

A remote overflow exists in Adobe Acrobat Reader. The Adobe Acrobat Reader fails to validate the filename path during parsing resulting in a buffer overflow. With a specially crafted request, an attacker can cause execute arbitrary code resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 6.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated

Acrobat Reader

6.0.1

References

Secunia Advisory ID: 12053
ISS X-Force ID: 16667
CVE ID: 2004-0632 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0492.html
Other Advisory URL: http://www.idefense.com/application/poi/display?id=116&type=vulnerabilities

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/7766