CVE-2005-2470 - Remote Buffer Overflow vulnerability in Adobe Acrobat and Adobe Reader
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
Vulnerable Configurations
Nessus
- NASL family: Gentoo Local Security Checks
  NASL id: GENTOO_GLSA-200508-11.NASL
  description: The remote host is affected by the vulnerability described in GLSA-200508-11 (Adobe Reader: Buffer Overflow). A buffer overflow has been reported within a core application plug-in, which is part of Adobe Reader. Impact: An attacker may create a specially crafted PDF file, enticing a user to open it. This could trigger a buffer overflow as the file is being loaded, resulting in the execution of arbitrary code. Workaround: There is no known workaround at this time.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19484
  published: 2005-08-23
  reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/19484
  title: GLSA-200508-11 : Adobe Reader: Buffer Overflow
- NASL family: FreeBSD Local Security Checks
  NASL id: FREEBSD_PKG_F74DC01B0E8311DABC080001020EED82.NASL
  description: An Adobe Security Advisory reports: The identified vulnerability is a buffer overflow within a core application plug-in, which is part of Adobe Acrobat and Adobe Reader. If a malicious file were opened it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat and Adobe Reader. A buffer overflow can cause the application to crash and increase the risk of malicious code execution.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21540
  published: 2006-05-13
  reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/21540
  title: FreeBSD : acroread -- plug-in buffer overflow vulnerability (f74dc01b-0e83-11da-bc08-0001020eed82)
- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2005-750.NASL
  description: Updated acroread packages that fix a security issue are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Adobe Acrobat Reader allows users to view and print documents in portable document format (PDF). A buffer overflow bug has been found in Adobe Acrobat Reader. It is possible to execute arbitrary code on a victim
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 63828
  published: 2013-01-24
  reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/63828
  title: RHEL 3 / 4 : Adobe Acrobat Reader (RHSA-2005:750)
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SA_2005_047.NASL
  description: The remote host is missing the patch for the advisory SUSE-SA:2005:047 (acroread). A buffer overflow was found in the core application plug-in for the Adobe Reader that allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. This is tracked by the Mitre CVE ID CVE-2005-2470. Note that for SUSE Linux Enterprise Server 8 and SUSE Linux Desktop 1, Acrobat Reader support was already discontinued by an earlier announcement.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19926
  published: 2005-10-05
  reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/19926
  title: SUSE-SA:2005:047: acroread
References
- http://secunia.com/advisories/16466
- http://securitytracker.com/id?1014712
- http://www.adobe.com/support/techdocs/321644.html
- http://www.gentoo.org/security/en/glsa/glsa-200508-11.xml
- http://www.kb.cert.org/vuls/id/896220
- http://www.novell.com/linux/security/advisories/2005_19_sr.html
- http://www.redhat.com/support/errata/RHSA-2005-750.html
- http://www.securityfocus.com/bid/14603
- http://www.vupen.com/english/advisories/2005/1434
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21860