PhotoshopNews.com
Aug 17, 2005

Security Advisory: Acrobat and Adobe Reader plug-in buffer overflow

Release Date: August 16th, 2005

Products: Adobe Reader 5.1, 6.0-6.0.3, 7.0-7.0.2, Adobe Acrobat 5.0-5.0.5, 6.0-6.0.3, 7.0-7.0.2

Platform: Windows, Mac OS, Linux, Solaris

Vulnerability Identifier: CVE-2005-2470

Overview: Adobe has discovered a buffer overflow in Adobe Acrobat and Adobe Reader. This issue has been addressed and a product update is available to proactively mitigate potential malicious activity. Adobe always recommends that users keep their systems up to date, and install the latest update of these applications.

Effect: If the vulnerability were successfully exploited, the application could crash with an increased risk of arbitrary code execution.

Details: The identified vulnerability is a buffer overflow within a core application plug-in, which is part of Adobe Acrobat and Adobe Reader. If a malicious file were opened it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat and Adobe Reader. A buffer overflow can cause the application to crash and increase the risk of malicious code execution.

Recommendations:

Adobe Reader on Windows or Mac OS:

– For version 7.0-7.0.2, users should utilize the product’s automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now. Alternatively, the 7.0.3 update files can also be manually downloaded and installed from: www.adobe.com/support/downloads .

– For versions prior to 7.0, Adobe strongly recommends upgrading to Adobe Reader 7.0.3, available from the following site along with the update procedure described above: www.adobe.com/products/acrobat/readstep2.html

– For users of Adobe Reader 6.0-6.0.3 who cannot upgrade to Adobe Reader 7.0.3, utilize the product’s automatic update facility to install version 6.0.4, or alternatively download and install the update from www.adobe.com/support/downloads .

Adobe Reader on Linux or Solaris:

– For version 7.0, users should upgrade to Adobe Reader 7.0.1 from www.adobe.com/products/acrobat/readstep2.html .

– For versions prior to 7.0, users should upgrade to 7.0.1 from www.adobe.com/products/acrobat/readstep2.html .

Adobe Acrobat on Windows or Mac OS:

– For version 7.0-7.0.2, users should utilize the product’s automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now. Alternatively, the update files can also be manually downloaded and installed from www.adobe.com/support/downloads .

– For version 6.0-6.0.3, users should utilize the product’s automatic update facility to install version 6.0.4 or alternatively download and install the update from www.adobe.com/support/downloads .

– For version 5.0-5.0.5, users should download and install the 5.0.10 update from www.adobe.com/support/downloads .
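The following Python example is added here and is not part of Adobe's advisory. It encodes the affected ranges and recommendations above as a rule table and triages a constructed inventory. The host names, function names, and the reading of Reader "5.1" and Linux/Solaris "7.0" as exact versions are assumptions.

```python
# Rule table transcribed from the advisory text; inventory rows are constructed.

def parse(version):
    """'5.0.10' -> (5, 0, 10). Numeric tuples are required: compared as
    strings, '5.0.10' sorts before '5.0.5' and the fixed build looks affected."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # '7.0' == '7.0.0'

DESKTOP = {"windows", "mac os"}
UNIX = {"linux", "solaris"}

# (product, platforms, lowest affected, highest affected, recommended action)
RULES = [
    ("reader", DESKTOP, "7.0", "7.0.2", "update to 7.0.3"),
    ("reader", DESKTOP, "6.0", "6.0.3", "upgrade to 7.0.3, or update to 6.0.4"),
    ("reader", DESKTOP, "5.1", "5.1", "upgrade to 7.0.3"),
    ("reader", UNIX, "7.0", "7.0", "upgrade to 7.0.1"),
    ("reader", UNIX, "6.0", "6.0.3", "upgrade to 7.0.1"),
    ("reader", UNIX, "5.1", "5.1", "upgrade to 7.0.1"),
    ("acrobat", DESKTOP, "7.0", "7.0.2", "install update via Check For Updates"),
    ("acrobat", DESKTOP, "6.0", "6.0.3", "update to 6.0.4"),
    ("acrobat", DESKTOP, "5.0", "5.0.5", "update to 5.0.10"),
]

def triage(product, platform, version):
    """Return the advisory's recommended action, or None if not in a listed range."""
    v = parse(version)
    for prod, platforms, low, high, action in RULES:
        if (prod == product.lower() and platform.lower() in platforms
                and parse(low) <= v <= parse(high)):
            return action
    return None

INVENTORY = [  # constructed sample rows: (host, product, platform, version)
    ("ws-014", "Reader", "Windows", "7.0.2"),
    ("ws-022", "Acrobat", "Windows", "5.0.10"),
    ("ws-031", "Acrobat", "Mac OS", "5.0.5"),
    ("lx-003", "Reader", "Linux", "7.0"),
    ("lx-004", "Reader", "Linux", "7.0.1"),
]

def report(rows=INVENTORY):
    """Map each host with an affected install to its recommended action."""
    return {host: act for host, prod, plat, ver in rows
            if (act := triage(prod, plat, ver))}

if __name__ == "__main__":
    for host, action in report().items():
        print(host, "->", action)
```

Hosts missing from the report are either outside the listed ranges or on a product and platform pair the advisory gives no recommendation for.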
