10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.106 Low
EPSS
Percentile
95.1%
A buffer overflow in Adobe Acrobat Reader for UNIX could allow a remote attacker to execute arbitrary code.
Adobe Acrobat Reader is an application that allows users to view PDF (Portable Document Format) files. Acrobat Reader for UNIX (Linux, Sun Solaris SPARC, IBM AIX, or HP-UX) contains a buffer overflow in the mailListIsPdf() function. This function determines if the specified input file is an email message containing a PDF attachment. When parsing the email message, this function unsafely copies user-supplied data to a fixed size buffer.
An attacker could execute arbitrary code with privileges of the local user. Remote exploitation could be possible by attaching a specially crafted PDF to an email message.
Upgrade Acrobat Reader
This issue is resolved in Acrobat Reader 5.0.10 for UNIX.
Patch acroread shell script
The iDEFENSE Security Advisory 12.14.04 contains an unofficial patch for the acroread shell script. According to the advisory, this patch verifies that the files passed to the Acrobat Reader application are PDF documents.
253024
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: December 15, 2004 Updated: December 15, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 06, 2005
Affected
Adobe Acrobat Reader is available in the FreeBSD Ports Collection.
Please see
<http://vuxml.freebsd.org/28e93883-539f-11d9-a9e7-0001020eed82.html>
for details regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Updated: January 06, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see GLSA 200412-12.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 06, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <https://rhn.redhat.com/errata/RHSA-2004-674.html>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 06, 2005
Affected
SUSE has released updated Acrobat Reader (acroread) packages updating it to version 5.0.10 for all SUSE Linux based products.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: February 24, 2005
Not Affected
Mac OS X and Mac OS X Server do not contain this issue as the vulnerable versions of Adobe Acrobat were not distributed.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 18, 2005
Not Affected
Hitachi HI-UX/WE2 is NOT Vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: March 09, 2005
Not Affected
NEC products are NOT susceptible to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
Notified: January 05, 2005 Updated: January 05, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23253024 Feedback>).
View all 38 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by Greg MacManus.
This document was written by Will Dormann, based on the information provided in the iDEFENSE Security Advisory 12.14.04 .
CVE IDs: | CVE-2004-1152 |
---|---|
Severity Metric: | 1.02 Date Public: |