NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2003-q3

[sec-adv] Adobe Reader WWWLaunchNetscape Buffer Overflow Vulnerability

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Thu Jul 10 2003 - 08:02:18 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Adobe Reader WWWLaunchNetscape Buffer Overflow Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9168/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Adobe Reader 5.x

DESCRIPTION:
A vulnerability has been identified in Adobe Reader for Linux, which
potentially can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to a boundary error in the
"WWWLaunchNetscape" function in the file "wwwlink.api". This can be
exploited via a malicious link in a PDF document, which when clicked
causes a buffer overflow.

Successful exploitation may result in execution of arbitrary code on
the system with the user's privileges, but requires that the user is
tricked into clicking the link and that connection type in "WebLink"
is set to "Netscape" (default setting).

The vulnerability has been confirmed in versions 5.0.5 and 5.0.7.
However, other versions may also be affected.

Several PoC (Proof of Concept) exploits have been released.

SOLUTION:
Don't click on links in PDF documents, or remove the "wwwlink.api"
plug-in located in "Acrobat5/Reader/intellinux/plug_ins/" (this
removes the weblink functionality).

REPORTED BY / CREDITS:
Identified by to different parties around the same time:

sec-labs team
Paul Szabo

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]