Bug 74467 - Adobe Acrobat Reader "mailListIsPdf()" Function Buffer Overflow
Summary: Adobe Acrobat Reader "mailListIsPdf()" Function Buffer Overflow
Status: RESOLVED DUPLICATE of bug 74406
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
: High normal
Assignee: Gentoo Security
Reported: 2004-12-15 04:10 UTC by Aarni Honka
Modified: 2005-07-17 13:06 UTC

Description Aarni Honka 2004-12-15 04:10:34 UTC
TITLE:
Adobe Acrobat Reader "mailListIsPdf()" Function Buffer Overflow

SECUNIA ADVISORY ID:
SA13474

VERIFY ADVISORY:
http://secunia.com/advisories/13474/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Adobe Acrobat Reader 5.x
http://secunia.com/product/389/

DESCRIPTION:
iDEFENSE has reported a vulnerability in Adobe Acrobat Reader, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the
"mailListIsPdf()" function when checking input files. This can be
exploited to cause a buffer overflow by e.g. sending an e-mail with a
malicious PDF document attached or a link to one.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been reported in version 5.0.9 for Unix. Prior
versions may also be affected.

SOLUTION:
Update to version 5.0.10 for Unix.
http://www.adobe.com/products/acrobat/readstep2.html

PROVIDED AND/OR DISCOVERED BY:
Greg MacManus, iDEFENSE Labs.

ORIGINAL ADVISORY:
Adobe:
http://www.adobe.com/support/techdocs/331153.html

iDEFENSE:
http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-12-15 04:12:21 UTC

*** This bug has been marked as a duplicate of 74406 ***