Acrobat Reader ActiveX Control URI Request Heap

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

adobe

NVD

Published: 2004-09-28

Updated: 2017-07-11

Summary

Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Acrobat 5.0 Adobe Acrobat 5.0.5 Adobe Acrobat 6.0 Adobe Acrobat 6.0.1 Adobe Acrobat 6.0.2 Adobe Acrobat Reader 5.0 Adobe Acrobat Reader 5.0.5 Adobe Acrobat Reader 5.1 Adobe Acrobat Reader 6.0 Adobe Acrobat Reader 6.0.1 Adobe Acrobat Reader 6.0.2	11

References

http://www.adobe.com/support/techdocs/330527.html
http://www.gentoo.org/security/en/glsa/glsa-200408-14.xml
http://www.idefense.com/application/poi/display?id=126&type=vulnerabilities
http://www.securityfocus.com/bid/10947
https://exchange.xforce.ibmcloud.com/vulnerabilities/16998