CERTVU:167228Adobe Acrobat fails to properly convert files to PDF
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
96.5%
Overview
A vulnerability exists in Adobe Acrobat that may allow an attacker to execute arbitrary code.
Description
Adobe Acrobat contains a buffer overflow in the code that converts files to PDF. If an attacker can convince a user to create a PDF using specially-crafted input, that attacker may be able to trigger the overflow.
Adobe reports this vulnerability only affects Adobe Acrobat versions 6.0.4 and earlier. For more information refer to Adobe Security bulletin APSB06-09.
Impact
An attacker may be able to execute arbitrary code or cause the instance of Adobe Acrobat to terminate.
Solution
Upgrade
Upgrade to Acrobat 6.0.5.
Vendor Information
167228
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Adobe Affected
Notified: July 13, 2006 Updated: July 21, 2006
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.adobe.com/support/security/bulletins/apsb06-09.html>
- <http://secunia.com/advisories/21014/>
Acknowledgements
This vulnerability was reported by Adobe.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | CVE-2006-3453 |
|---|---|
| Severity Metric: | 0.08 Date Public: |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
96.5%