Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:253024
HistoryJan 20, 2005 - 12:00 a.m.

Adobe Acrobat Reader for UNIX contains a buffer overflow in mailListIsPdf()

2005-01-2000:00:00
www.kb.cert.org
12

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.106 Low

EPSS

Percentile

95.1%

JSON

Overview

A buffer overflow in Adobe Acrobat Reader for UNIX could allow a remote attacker to execute arbitrary code.

Description

Adobe Acrobat Reader is an application that allows users to view PDF (Portable Document Format) files. Acrobat Reader for UNIX (Linux, Sun Solaris SPARC, IBM AIX, or HP-UX) contains a buffer overflow in the mailListIsPdf() function. This function determines if the specified input file is an email message containing a PDF attachment. When parsing the email message, this function unsafely copies user-supplied data to a fixed size buffer.

Impact

An attacker could execute arbitrary code with privileges of the local user. Remote exploitation could be possible by attaching a specially crafted PDF to an email message.

Solution

Upgrade Acrobat Reader

This issue is resolved in Acrobat Reader 5.0.10 for UNIX.

Patch acroread shell script

The iDEFENSE Security Advisory 12.14.04 contains an unofficial patch for the acroread shell script. According to the advisory, this patch verifies that the files passed to the Acrobat Reader application are PDF documents.

Vendor Information

253024

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Adobe Systems Incorporated __ Affected

Notified: December 15, 2004 Updated: December 15, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

FreeBSD __ Affected

Notified: January 05, 2005 Updated: January 06, 2005

Status

Affected

Vendor Statement

Adobe Acrobat Reader is available in the FreeBSD Ports Collection.
Please see
<http://vuxml.freebsd.org/28e93883-539f-11d9-a9e7-0001020eed82.html&gt;
for details regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Gentoo __ Affected

Updated: January 06, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see GLSA 200412-12.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Redhat __ Affected

Notified: January 05, 2005 Updated: January 06, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see <https://rhn.redhat.com/errata/RHSA-2004-674.html&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

SuSE Inc. __ Affected

Notified: January 05, 2005 Updated: January 06, 2005

Status

Affected

Vendor Statement

SUSE has released updated Acrobat Reader (acroread) packages updating it to version 5.0.10 for all SUSE Linux based products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Apple Computer Inc. __ Not Affected

Notified: January 05, 2005 Updated: February 24, 2005

Status

Not Affected

Vendor Statement

Mac OS X and Mac OS X Server do not contain this issue as the vulnerable versions of Adobe Acrobat were not distributed.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Debian __ Not Affected

Notified: January 05, 2005 Updated: January 05, 2005

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Hitachi __ Not Affected

Notified: January 05, 2005 Updated: January 18, 2005

Status

Not Affected

Vendor Statement

Hitachi HI-UX/WE2 is NOT Vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

NEC Corporation __ Not Affected

Notified: January 05, 2005 Updated: March 09, 2005

Status

Not Affected

Vendor Statement

NEC products are NOT susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Conectiva __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Cray Inc. __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

EMC Corporation __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Engarde __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

F5 Networks __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Fujitsu __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Hewlett-Packard Company __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

IBM __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

IBM eServer __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

IBM-zSeries __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Immunix __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Ingrian Networks __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Juniper Networks __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

MandrakeSoft __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Microsoft Corporation __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

MontaVista Software __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

NETBSD __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Nokia __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Novell __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

OpenBSD __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Openwall GNU/*/Linux __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

SCO __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

SGI __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Sequent __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Sony Corporation __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Sun Microsystems Inc. __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

TurboLinux __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Unisys __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

Wind River Systems Inc. __ Unknown

Notified: January 05, 2005 Updated: January 05, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).

View all 38 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by Greg MacManus.

This document was written by Will Dormann, based on the information provided in the iDEFENSE Security Advisory 12.14.04 .

Other Information

CVE IDs: CVE-2004-1152
Severity Metric: 1.02 Date Public:

Related

cve 1
freebsd 1
nessus 3
redhat 1
securityvulns 1
gentoo 1
openvas 5
cvelist 1
nvd 1
cve
cve
CVE-2004-1152
2005-01-10 05:00:00
freebsd
freebsd
acroread5 -- mailListIsPdf() buffer overflow vulnerability
2004-10-14 00:00:00
nessus
nessus
GLSA-200412-12 : Adobe Acrobat Reader: Buffer overflow vulnerability
2004-12-17 00:00:00
RHEL 3 : acroread (RHSA-2004:674)
2004-12-23 00:00:00
FreeBSD : acroread5 -- mailListIsPdf() buffer overflow vulnerability (28e93883-539f-11d9-a9e7-0001020eed82)
2005-07-13 00:00:00
redhat
redhat
(RHSA-2004:674) acroread security update
2004-12-23 00:00:00
securityvulns
securityvulns
iDEFENSE Security Advisory 12.14.04 - Adobe Acrobat Reader 5.0.9 mailListIsPdf&#40;&#41; Buffer Overflow Vulnerability
2004-12-15 00:00:00
gentoo
gentoo
Adobe Acrobat Reader: Buffer overflow vulnerability
2004-12-16 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200412-12 (acroread)
2008-09-24 00:00:00
Adobe Reader 'mailListIsPdf' Buffer Overflow Vulnerability - Linux
2014-04-10 00:00:00
Gentoo Security Advisory GLSA 200412-12 (acroread)
2008-09-24 00:00:00
cvelist
cvelist
CVE-2004-1152
2004-12-22 05:00:00
nvd
nvd
CVE-2004-1152
2005-01-10 05:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.106 Low

EPSS

Percentile

95.1%

JSON
Related for VU:253024
cve1freebsd1nessus3redhat1securityvulns1gentoo1openvas5cvelist1nvd1