Kangaroo
Active Member
- Messages
- 9,893
- Reaction score
- 1
OK Guys the older version is worse so at least upgrade to reader 6.02 it is still more secure than the 5 versions.
Just be aware of the issue.
All warning s are to ensure us resident geeks stay employed
Adobe Acrobat Reader ActiveX Control Buffer Overflow Vulnerability
Secunia Advisory:SA12303
Release Date:2004-08-16Last Update:2004-08-18
Critical:
Highly criticalImpact:System access
Where:From remote
Solution Status:Partial Fix
Software:Adobe Acrobat Reader 5.x
Adobe Reader 6.x
Choose a product and view comprehensive vulnerability statistics and all Secunia advisories affecting it.
CVE reference:CAN-2004-0629
Description:
Rafel Ivgi has reported a vulnerability in Adobe Acrobat Reader, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the "pdf.ocx" ActiveX component supplied with Adobe Acrobat Reader. This can e.g. be exploited via a malicious website using a specially crafted URL to potentially execute arbitrary code.
Example:
http://[host]/[directory]/[existing_pdf].pdf%00[long_string]
NOTE: This only works on servers, which truncate the URL before the "%00" sequence (e.g. IIS and Netscape Enterprise).
The vulnerability has been reported in version 5.0.5. Other versions may also be affected.
Solution:
The vendor has stated that this issue was fixed in Adobe Acrobat Reader 6.0.2. However, it has been reported that the issue might not have been completely fixed and still can be used to cause a Denial of Service (DoS).
Prevent PDF files from automatically being opened in a web browser:
1. Open Adobe Acrobat/Acrobat Reader.
2. Edit --> Preferences --> Internet.
3. Uncheck the "Display PDF in browser" setting.
Provided and/or discovered by:
Rafel Ivgi
Changelog:
2004-08-18: Updated steps in "Solution" section.
Original Advisory:
http://www.idefense.com/applicat...?id=126&type=vulnerabilities
Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
Just be aware of the issue.
All warning s are to ensure us resident geeks stay employed
Adobe Acrobat Reader ActiveX Control Buffer Overflow Vulnerability
Secunia Advisory:SA12303
Release Date:2004-08-16Last Update:2004-08-18Critical:
Highly criticalImpact:System access
Where:From remote
Solution Status:Partial Fix
Software:Adobe Acrobat Reader 5.x
Adobe Reader 6.x
Choose a product and view comprehensive vulnerability statistics and all Secunia advisories affecting it.
CVE reference:CAN-2004-0629
Description:
Rafel Ivgi has reported a vulnerability in Adobe Acrobat Reader, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the "pdf.ocx" ActiveX component supplied with Adobe Acrobat Reader. This can e.g. be exploited via a malicious website using a specially crafted URL to potentially execute arbitrary code.
Example:
http://[host]/[directory]/[existing_pdf].pdf%00[long_string]
NOTE: This only works on servers, which truncate the URL before the "%00" sequence (e.g. IIS and Netscape Enterprise).
The vulnerability has been reported in version 5.0.5. Other versions may also be affected.
Solution:
The vendor has stated that this issue was fixed in Adobe Acrobat Reader 6.0.2. However, it has been reported that the issue might not have been completely fixed and still can be used to cause a Denial of Service (DoS).
Prevent PDF files from automatically being opened in a web browser:
1. Open Adobe Acrobat/Acrobat Reader.
2. Edit --> Preferences --> Internet.
3. Uncheck the "Display PDF in browser" setting.
Provided and/or discovered by:
Rafel Ivgi
Changelog:
2004-08-18: Updated steps in "Solution" section.
Original Advisory:
http://www.idefense.com/applicat...?id=126&type=vulnerabilities
Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.