Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)
2014-04-16T00:00:00
ID OPENVAS:1361412562310804261 Type openvas Reporter Copyright (C) 2014 Greenbone Networks GmbH Modified 2018-10-12T00:00:00
Description
This host is installed with Adobe Reader and is prone to buffer overflow
vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_adobe_reader_file_extension_bof_vuln_macosx.nasl 11867 2018-10-12 10:48:11Z cfischer $
#
# Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)
#
# Authors:
# Shakeel <bshakeel@secpod.com>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/a:adobe:acrobat_reader";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.804261");
script_version("$Revision: 11867 $");
script_cve_id("CVE-2004-0632");
script_bugtraq_id(10696);
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $");
script_tag(name:"creation_date", value:"2014-04-16 10:39:15 +0530 (Wed, 16 Apr 2014)");
script_name("Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)");
script_tag(name:"summary", value:"This host is installed with Adobe Reader and is prone to buffer overflow
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Flaw exist due to a parsing and boundary error when splitting filename paths
into components.");
script_tag(name:"impact", value:"Successful exploitation will allow attacker to conduct denial of service and
possibly execute arbitrary code.");
script_tag(name:"affected", value:"Adobe Reader version 6.0 and 6.0.1 on Mac OS X.");
script_tag(name:"solution", value:"Upgrade to Adobe Reader 6.0.2 or later.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://secunia.com/advisories/12053");
script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/16667");
script_xref(name:"URL", value:"http://www.adobe.com/support/techdocs/330527.html");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
script_family("Buffer overflow");
script_dependencies("secpod_adobe_prdts_detect_macosx.nasl");
script_mandatory_keys("Adobe/Reader/MacOSX/Version");
script_xref(name:"URL", value:"http://get.adobe.com/reader");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!readerVer = get_app_version(cpe:CPE)){
exit(0);
}
if(readerVer && readerVer =~ "^6")
{
if(version_in_range(version:readerVer, test_version:"6.0", test_version2:"6.0.1"))
{
security_message( port: 0, data: "The target host was found to be vulnerable" );
exit(0);
}
}
{"id": "OPENVAS:1361412562310804261", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)", "description": "This host is installed with Adobe Reader and is prone to buffer overflow\nvulnerability.", "published": "2014-04-16T00:00:00", "modified": "2018-10-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804261", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/12053", "http://xforce.iss.net/xforce/xfdb/16667", "http://get.adobe.com/reader", "http://www.adobe.com/support/techdocs/330527.html"], "cvelist": ["CVE-2004-0632"], "lastseen": "2019-05-29T18:37:16", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0632"]}, {"type": "osvdb", "idList": ["OSVDB:7766"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804260"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:6476"]}], "modified": "2019-05-29T18:37:16", "rev": 2}, "score": {"value": 8.6, "vector": "NONE", "modified": "2019-05-29T18:37:16", "rev": 2}, "vulnersScore": 8.6}, "pluginID": "1361412562310804261", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_reader_file_extension_bof_vuln_macosx.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804261\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2004-0632\");\n script_bugtraq_id(10696);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-16 10:39:15 +0530 (Wed, 16 Apr 2014)\");\n script_name(\"Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader and is prone to buffer overflow\nvulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw exist due to a parsing and boundary error when splitting filename paths\ninto components.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to conduct denial of service and\npossibly execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"Adobe Reader version 6.0 and 6.0.1 on Mac OS X.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader 6.0.2 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/12053\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/16667\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/techdocs/330527.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Reader/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/reader\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(readerVer && readerVer =~ \"^6\")\n{\n if(version_in_range(version:readerVer, test_version:\"6.0\", test_version2:\"6.0.1\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "naslFamily": "Buffer overflow", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:22:58", "description": "Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow.", "edition": 4, "cvss3": {}, "published": "2004-07-27T04:00:00", "title": "CVE-2004-0632", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2004-0632"], "modified": "2017-07-11T01:30:00", "cpe": ["cpe:/a:adobe:acrobat_reader:6.0", "cpe:/a:adobe:acrobat:6.0.1", "cpe:/a:adobe:acrobat:6.0", "cpe:/a:adobe:acrobat_reader:6.0.1"], "id": "CVE-2004-0632", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0632", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "cvelist": ["CVE-2004-0632"], "description": "Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability\r\n\r\niDEFENSE Security Advisory 07.12.04\r\nwww.idefense.com/application/poi/display?id=116&type=vulnerabilities\r\nJuly 12, 2004\r\n\r\nI. BACKGROUND\r\n\r\nAdobe Reader is a program used to display Portable Document Format (PDF)\r\ndocuments.\r\n\r\nII. DESCRIPTION\r\n\r\nExploitation of a buffer overflow vulnerability in Adobe Reader 6.0\r\ncould allow remote attackers to execute arbitrary code.\r\n\r\nThe problem specifically exists within a routine that is responsible for\r\nsplitting the filename path into multiple components. Due to a parsing\r\nerror involving NULL characters, an attacker can force Adobe Reader to\r\nopen a file containing an unhandled file extension. If an overly long\r\nextension is supplied, a stack based overflow occurs.\r\n\r\nIII. ANALYSIS\r\n\r\nSuccessful exploitation allows an attacker to execute arbitrary code\r\nunder the privileges of the local user. Remote exploitation is possible\r\nby sending a specially crafted e-mail and attaching the malicious PDF\r\ndocument.\r\n\r\nIV. DETECTION\r\n\r\niDEFENSE has confirmed that Adobe Acrobat Reader version 6.0.1 is\r\nvulnerable. It is suspected that other versions of Adobe Acrobat Reader\r\nare vulnerable as well. Adobe Acrobat may also be vulnerable.\r\n\r\nV. VENDOR RESPONSE\r\n\r\nCoordinated public disclosure of this vulnerability did not occur.\r\nAccording to Adobe, the vulnerability was patched on June 7, 2004 when\r\nAdobe Reader 6.0.2 was released. A vendor security advisory was not\r\nreleased but the following statement was included in a changelog\r\n(http://www.adobe.com/support/techdocs/34222.htm) detailing the changes\r\nincluded in the 6.0.2 update:\r\n\r\n"Security update to further restrict malicious code execution."\r\n\r\nAdobe's official response is below:\r\n\r\n"Adobe Systems Incorporated recommends that users update to the latest\r\nrelease of Adobe Acrobat and the free Adobe Reader, version 6.0.2.\r\nInstructions and further information is available at:\r\nhttp://www.adobe.com/support/techdocs/34222.htm."\r\n\r\nVI. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CAN-2004-0632 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org), which standardizes names for\r\nsecurity problems.\r\n\r\nVII. DISCLOSURE TIMELINE\r\n\r\n02/02/2003 Exploit discovered by iDEFENSE\r\n03/11/2004 Initial vendor notification\r\n03/11/2004 Initial vendor response\r\n03/11/2004 iDEFENSE clients notified\r\n06/07/2004 Vendor update released\r\n07/12/2004 Public Disclosure\r\n\r\nVIII. CREDIT\r\n\r\nGreg MacManus (iDEFENSE Labs) is credited with this discovery.\r\n\r\nGet paid for vulnerability research\r\nhttp://www.idefense.com/poi/teams/vcp.jsp\r\n\r\nVI. LEGAL NOTICES\r\n\r\nCopyright (c) 2004 iDEFENSE, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\nemail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\nThere are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.netsys.com/full-disclosure-charter.html", "edition": 1, "modified": "2004-07-13T00:00:00", "published": "2004-07-13T00:00:00", "id": "SECURITYVULNS:DOC:6476", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6476", "title": "[Full-Disclosure] iDEFENSE Security Advisory 07.12.04: Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:02", "bulletinFamily": "software", "cvelist": ["CVE-2004-0632"], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Adobe Acrobat Reader. The Adobe Acrobat Reader fails to validate the filename path during parsing resulting in a buffer overflow. With a specially crafted request, an attacker can cause execute arbitrary code resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 6.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in Adobe Acrobat Reader. The Adobe Acrobat Reader fails to validate the filename path during parsing resulting in a buffer overflow. With a specially crafted request, an attacker can cause execute arbitrary code resulting in a loss of integrity.\n## References:\n[Secunia Advisory ID:12053](https://secuniaresearch.flexerasoftware.com/advisories/12053/)\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=116&type=vulnerabilities\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0492.html\nISS X-Force ID: 16667\n[CVE-2004-0632](https://vulners.com/cve/CVE-2004-0632)\n", "modified": "2004-07-12T04:41:24", "published": "2004-07-12T04:41:24", "href": "https://vulners.com/osvdb/OSVDB:7766", "id": "OSVDB:7766", "title": "Adobe Acrobat Reader File Extension Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-04-22T17:03:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0632"], "description": "This host is installed with Adobe Reader and is prone to buffer overflow\nvulnerability.", "modified": "2020-04-20T00:00:00", "published": "2014-04-16T00:00:00", "id": "OPENVAS:1361412562310804260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804260", "type": "openvas", "title": "Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804260\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2004-0632\");\n script_bugtraq_id(10696);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-16 10:27:12 +0530 (Wed, 16 Apr 2014)\");\n script_name(\"Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader and is prone to buffer overflow\nvulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw exist due to a parsing and boundary error when splitting filename paths\ninto components.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to conduct denial of service and\npossibly execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"Adobe Reader version 6.0 and 6.0.1 on Windows.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader 6.0.2 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/12053\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/16667\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/techdocs/330527.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Win/Installed\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/reader\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(readerVer)\n{\n if(version_in_range(version:readerVer, test_version:\"6.0\", test_version2:\"6.0.1\"))\n {\n report = report_fixed_ver(installed_version:readerVer, vulnerable_range:\"6.0 - 6.0.1\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
