CVE-2007-6432 - Buffer Errors vulnerability in Adobe Pagemaker 7.0.1/7.0.2

Publication

2008-10-31

Last modification

2018-10-15

Summary

Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a malformed .PMD file, related to "Key Strings," a different vulnerability than CVE-2007-5169 and CVE-2007-5394.

Description

Adobe PageMaker is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.Adobe PageMaker 7.0.1 and 7.0.2 are vulnerable.

Solution

Adobe has released a fix. Please see the references for more information. Adobe Pagemaker 7.0.1 Adobe AldFs32.dll http://www.adobe.com/support/security/bulletins/downloads/APSA08-10.zi p

Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:M/Au:N/C:C/I:C/A:C)

High

9.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Adobe Pagemaker  7.0.1 , 7.0.2