CVE-2007-6253 - Buffer Errors vulnerability in Adobe Form Client and Form Designer

Publication

2008-03-12

Last modification

2017-08-08

Summary

Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX controls.

Description

Adobe Form Designer and Adobe Form Client are prone to multiple buffer-overflow vulnerabilities. These issues affect ActiveX controls supplied with the applications and arise because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit these issues to execute arbitrary code in the context of an application running the control (typically Internet Explorer). Failed attacks will cause denial-of-service conditions.

Solution

The vendor released an advisory and patches to address these issues. Please see the references for more information.

  • Adobe Form Designer 5.0: Adobe FormDesigner 5.0 patch 5.0.5990.2008 (http://download.adobe.com/pub/adobe/server/formclient/win/p_des_5_0_5990.zip)
  • Adobe Form Client 5.0: Adobe Form Client 5.0 patch 5.0.5990.2008 (http://download.adobe.com/pub/adobe/server/formclient/win/p5_0_5990.zip)

Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:M/Au:N/C:C/I:C/A:C)

High

9.3

Access Vector

  • Network

Access Complexity

  • Medium

Authentication

  • None

Confidentiality Impact

  • Complete

Integrity Impact

  • Complete

Affected Products

Vendor    Product          Versions
Adobe     Form Client      5.0
Adobe     Form Designer    5.0