CERT-In Advisory
CIAD-2004-0020
Multiple vulnerabilities in Adobe Acrobat Reader
Original Issue Date: August 14, 2004
Severity Rating: High
Systems Affected
- Adobe Acrobat Reader 5.x and earlier
Software Affected
Overview
Three vulnerabilities have been reported by iDEFENSE in different versions of Adobe Acrobat Reader. An attacker can exploit these vulnerabilities to run arbitrary code on compromised systems.
Impact
Execution of arbitrary code
Description
1. Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution Vulnerability (CAN-2004-0630)
The Adobe Acrobat Reader 5.0 on UNIX and LINUX automatically attempt to convert uuencoded documents back into their original format. Acrobat Reader fails to check for the backtick shell metacharacter in the filename before executing a command with a shell. This allows a maliciously constructed filename to execute arbitrary programs. The Windows versions of Acrobat Reader are not affected by this vulnerability.
2. Adobe Acrobat Reader Unix 5.0 Uudecode Filename Buffer Overflow Vulnerability (CAN-2004-0631)
Adobe Acrobat Reader uses uuencoding feature to convert the 8 bit data into 6 bit format for transmission via e-mail. While converting back to the original format, it uses uudecoding feature. Acrobat Reader does not check the length of the filename before copying it into a fixed length buffer. An attacker can use a specially constructed file to cause a buffer overflow and execute arbitrary code. The code is executed under the privileges of the user who has opened the document. The Windows versions of Acrobat Reader are not affected by this vulnerability.
3. Adobe Acrobat Reader ActiveX Control Buffer Overflow Vulnerability (CAN-2004-0629)
A buffer overflow vulnerability exists in the ActiveX component packaged with Acrobat Reader which allows remote attackers to execute arbitrary code. The problem exists upon retrieving certain links containing malicious crafted long string with acceptable URI characters. The exploit works on webservers which truncate requested URI such as IIS and Netscape Enterprise. Though the requested URI is truncated for the purposes of locating the file, the crafted long string is still passed to the Adobe ActiveX component responsible for rendering the page.
iDEFENSE has reported that Acrobat 5.0.5 and pdf.ocx version 5.0.5.452 are affected by this vulnerability and suspects that other versions of Adobe Acrobat Reader may also be affected.
Solution
- Upgrade to latest versions of Adobe Acrobat Reader.
Workaround
- Exercise caution before opening email attachments from untrusted sources.
- Avoid opening of PDF files accessed through the web browser. Instead save the file to disk before opening.
- Apply updates available from vendor regularly.
Vendor Information
Adobe Systems
http://www.adobe.com/
References
iDEFENSE Advisories
http://www.idefense.com/application/poi/display?type=vulnerabilities
Secunia Advisory SA12285
http://secunia.com/advisories/12285/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-2436857
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India
|