Vulnerability details :
 
Adobe Acrobat Reader ActiveX Control Overflow 
 
     Fiche

Fiche créée le 2004-08-16 16:03:03, dernière mise à jour le 2010-03-12 09:12:27

A remote overflow exists in Adobe Acrobat Reader. Acrobat Readers' active x component pdf.ocx fails to perform bounds checking on long URI strings resulting in a buffer overflow within RTLHeapFree(). With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of confidentiality and integrity.


The following example can be used to test the vulnerability Example: http://[host]/[directory]/[existing_pdf].pdf%00[long_string] This will only work on web servers, which truncate the URL request before the "%00" sequence, such as Internet Information Server (IIS) and/or Netscape Enterprise Server. Other server software such as Apache should return a "file not found" page when this test and/or vulnerability is attempted.
 
Adobe Systems Incorporated    5.0.5  Affected
 
Attack Type :  Input Manipulation
 XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding.
 Découvert le 2004-08-13 07:00:00
 
Disclosure :  OSVDB Verified
 Confirmé le 2004-08-13 07:00:00
 
Exploit :  Exploit Public
 Exploit découvert le 2004-08-13 07:00:00
 
Impact :  Loss of Confidentiality
 Assurance that data is protected and not disclosed to an unauthorized party. Examples: password disclosures, server information, environment variables, confirmation of file existence, path disclosure, file content access, some SQL injection.
 
Impact :  Loss of Integrity
 Assurance that data is unaltered by unauthorized persons. Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc.
 
Location :  Context Dependent
 
Location :  Remote / Network Access
 If network access if required and exploit can be done remotely.
 
 
External refs :
OSVDB  8883
  
  
  
  
  
  
  
 
 
 
 

 
 


Free consultation (search)
 
  Fill one or some of the fields below :
   
Vendor
 
Title
 
Vulnerability ref.
 
 
   
 
   
Individual alerts
 
You determine with one profile dynamic and assisted, all your material and software equipment.
We shall inform you then automatically, as soon as a notification of security will concern one or several elements of it profile.
Every notification is definite, consists of numerous information to determine risk and to protect itself from it.
 
Login:
Pass:
 
Free online subscription
© Power4Security.com - BMS Ltd UK 2007-2008 - powered by Power4Website.com
Partenaires : Anti-spam - Hébergement France - MySQL Php Suisse - Hosting Canada - Web Php Maroc - WebmasterMalin
Guide de l'affiliation - Guide du paiement électronique et de l'e-currency - Annuaire du Web - Solution e-commerce - Externalisation et outsourcing
e-Marketing et e-Mailing - Comparaison de services - Comparateur Marchands - Bons plans par email - Tests de personnalité et de QI
SMS API - Forums et Petites Annonces Gratuites - Rencontres - Sonneries - Offres du Web - Arrêter de fumer - Guide des mobiles et PDA