Adobe Acrobat allows pointer overwrite via specially crafted PDF file

2007-01-19T00:00:00
ID VU:698924
Type cert
Reporter CERT
Modified 2007-01-24T00:00:00

Description

Overview

Adobe Acrobat and Adobe Reader fail to properly handle a specially crafted PDF file, which may allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

Adobe Acrobat and Adobe Reader are applications designed to create and view Portable Document Format (PDF) files. A specially crafted PDF file can cause heap memory corruption when it is opened in these applications. This memory corruption may allow an attacker to overwrite the contents of the EIP (Extended Instruction Pointer) register, thus gaining control of program execution flow. According to Adobe, the affected versions are:

Adobe Reader 7.0.8 and earlier versions Adobe Acrobat Standard, Professional and Elements 7.0.8 and earlier versions Adobe Acrobat 3D


Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.


Solution

Apply an update