We support Microsoft .NET Framework 2.0 & 1.1, all versions of Access, SQL 2000, SQL 7.0, SQL 2005 Express, SOAP, FrontPage 2002, 2003, Visual Studio 2005, Index Server, XML, UDDI, & Mobile device support. We also offer great third party tools like SmarterMail, Merak Mail, SmarterStats, PHP, Perl, MySql, DeepMetrix Livestats XSP 8.0.   We support Microsoft .NET Framework 2.0 & 1.1, all versions of Access, SQL 2000, SQL 7.0, SQL 2005 Express, SOAP, FrontPage 2002, 2003, Visual Studio 2005, Index Server, XML, UDDI, & Mobile device support. We also offer great third party tools like SmarterMail, Merak Mail, SmarterStats, PHP, Perl, MySql, DeepMetrix Livestats XSP 8.0.
 Saturday, August 20, 2005
Adobe Acrobat / Reader Plug-in


Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
 
Software: Adobe Acrobat 5.x
Adobe Acrobat 6.x
Adobe Acrobat 7.x
Adobe Acrobat Reader 5.x
Adobe Reader 6.x
Adobe Reader 7.x
  Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.
 
CVE reference: CAN-2005-2470
 
Description:
A vulnerability has been reported in Adobe Reader and Adobe Acrobat, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified boundary error in the core application plug-in and can be exploited to cause a buffer overflow when a specially crafted file is opened.

Successful exploitation may allow execution of arbitrary code.

Solution:
Install updated version.

Adobe Reader (Windows or Mac OS):
Update to version 7.0.3 or 6.0.4.

Adobe Reader (Linux or Solaris):
Update to version 7.0.1.

Adobe Acrobat (Windows or Mac OS):
Update to version 7.0.3, 6.0.4, or 5.0.10.

Provided and/or discovered by:
Reported by vendor.

Original Advisory:
Adobe:
http://www.adobe.com/support/techdocs/321644.html

Other References:
US-CERT VU#896220:
http://www.kb.cert.org/vuls/id/896220
Threats
8/20/2005 8:06:12 AM (Pacific Daylight Time, UTC-07:00)  #    Disclaimer  |  Comments [0]  | 
Related Posts:
UPS phishing again
Obama sex video
Attack Breaks DNS Patches!
Kaminsky provides the why
DNS vulnerability
MPack: the Strange Case of the Mass-Hacking Tool