OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [SPSadvisory#39]Adobe Acrobat Series PDF File Buffer Overflow
From: Dan Harkless (dan-bugtraqDILVISH.SPEED.NET)
Date: Fri Aug 04 2000 - 16:17:58 CDT

UNYUN <shadowpenguinBACKSECTION.NET> writes:
> SPS Advisory #39
> Adobe Acrobat Series PDF File Buffer Overflow
>
> UNYUN <shadowpenguinbacksection.net>
> Shadow Penguin Security (http://shadowpenguin.backsection.net)
> -------------------------------------------------------------
>
> [Date]
>
> July 26, 2000
>
> [vulnerable]
>
> Acrobat Reader 3.0J for Windows95/98/NT/2000
> Acrobat Reader 4.0J for Windows95/98/NT/2000
> Acrobat Reader 4.05J for Windows95/98/NT/2000
> Acrobat 3.0J for Windows95/98/NT/2000
> Acrobat 4.0J for Windows95/98/NT/2000
> Acrobat 4.05J for Windows95/98/NT/2000
> Adobe Acrobat Business Tools for Windows95/98/NT/2000
> Adobe Acrobat FillIn for Windows95/98/NT/2000
>
> [not vulnerable]
>
> Adobe Acrobat/reader/FillIn/BuinessTools 4.05c
>
[...]

I take it you didn't test non-Japanese versions other than 4.05c? The page
on the Adobe site you mention:

    http://www.adobe.com/misc/pdfsecurity.html

says that the "Affected products" are just the 4.05 versions (and "Fill
In"), but they also say that if you have earlier versions you should upgrade
to 4.05 before applying "Update 2".

It's therefore ambiguous whether, for instance, U.S. Acrobat Reader 4.0 is
affected. Oh well, I guess I'll assume it is and download 4.05c at:

    http://www.adobe.com/products/acrobat/readmemain.html

----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraqdilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.