Adobe Acrobat PDF Execute Arbitrary Command via Hotlink

1997-05-08T00:00:00
ID OSVDB:2928
Type osvdb
Reporter OSVDB
Modified 1997-05-08T00:00:00

Description

Vulnerability Description

Adobe Acrobat contains a flaw that allows a malicious user to inject arbitrary commands into a PDF document via hotlinks. A victim who receives a trojaned PDF file need only open the document for the commands to be executed in some cases.

Solution Description

Upgrade to version 3.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Adobe Acrobat contains a flaw that allows a malicious user to inject arbitrary commands into a PDF document via hotlinks. A victim who receives a trojaned PDF file need only open the document for the commands to be executed in some cases.

References:

Generic Informational URL: http://www.tbtf.com/archive/1997-05-08.html