Bug 74467

Summary: Adobe Acrobat Reader "mailListIsPdf()" Function Buffer Overflow
Product: Gentoo Security
Reporter: Aarni Honka <aarni.honka>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
Package list:
Runtime testing required: ---

Description Aarni Honka 2004-12-15 04:10:34 UTC
TITLE:
Adobe Acrobat Reader "mailListIsPdf()" Function Buffer Overflow

SECUNIA ADVISORY ID:
SA13474

VERIFY ADVISORY:
http://secunia.com/advisories/13474/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Adobe Acrobat Reader 5.x
http://secunia.com/product/389/

DESCRIPTION:
iDEFENSE has reported a vulnerability in Adobe Acrobat Reader, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the
"mailListIsPdf()" function when checking input files. This can be
exploited to cause a buffer overflow by e.g. sending an e-mail with a
malicious PDF document attached or a link to one.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been reported in version 5.0.9 for Unix. Prior
versions may also be affected.

SOLUTION:
Update to version 5.0.10 for Unix.
http://www.adobe.com/products/acrobat/readstep2.html

PROVIDED AND/OR DISCOVERED BY:
Greg MacManus, iDEFENSE Labs.

ORIGINAL ADVISORY:
Adobe:
http://www.adobe.com/support/techdocs/331153.html

iDEFENSE:
http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-12-15 04:12:21 UTC

*** This bug has been marked as a duplicate of 74406 ***