--- Begin Message ---
- From: Clearswift Threat Lab <threatnews@xxxxxxxxxxxxxxxxxxxxx>
- To: "Threat Lab News" <threatnews@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 13 Jul 2004 12:25:20 +0100
Dear Subscriber,
iDEFENSE have reported a buffer overflow in the Adobe Reader version 6.0.1 used
to display the Portable Document Format (PDF) files.
http://www.idefense.com/application/poi/display?id=116&type=vulnerabilities
(if the line above wraps over a single line in you mail client, please cut and
paste the entire URL into your browser)
An attacker can abuse this flaw to run arbitrary code remotely, with local
privileges, simply by enticing the target user to attempt to open a PDF file,
either on a web site or as an email attachment. The attack uses a crafted
filename, with embedded nulls and a over-long extension. When the Adobe Reader
attampts to parse this filename, a stack based overflow occurs. Adobe Acrobat
may also be vulnerable.
iDEFENSE discovered and reported this vulnerability to Adobe back in March.
Adobe fixed the flaw in version 6.0.2, released 7 June 2004, but did not issue
a vendor security advisory, merely refering to the issue as "Security update to
further restrict malicious code execution." in the change log.
The official Adobe response - "Adobe Systems Incorporated recommends that users
update to the latest
release of Adobe Acrobat and the free Adobe Reader, version 6.0.2. Instructions
and further information is available at:
http://www.adobe.com/support/techdocs/34222.htm.";
We recommend a timely upgrade of users to Adobe Reader version 6.0.2. It is
simply a matter of time before this is exploited by the worm writers and those
who have not patched will be liable to become infected.
Pete Simpson
ThreatLab Manager
CLEARSWIFT
The MIMEsweeper Company
---
You are currently subscribed to threatnews as: itinfo@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
leave-threatnews-81253V@xxxxxxxxxxxxxxxxxxxxxxxx
--- End Message ---
