| Just the facts | ||
| Title | Adobe Reader & Adobe Acrobat: Plug-In Buffer Overflow Vulnerability - for Windows, Mac, Linux & Solaris Versions of Software | |
| Description | Vulnerability can be exploited to compromise a user's system. | |
| CyTRAP Labs ID | CT110025 | |
| Original release date | 2005-08-16 | |
| Systems affected | ||
| Version number | 1.0 | |
| ISSN | 1603-9858 | |
| Verify threat | http://casescontact.org/alerts/110025 | |
| Risk assessment | High | |
| Impact/Severity | High | |
| What is the problem? | ||
| Admin | A) VULNERABILITY A vulnerability has been reported in: These can be exploited by malicious people to run arbitrary code. B) THREAT These vulnerabilities pose a threat, whereby the result could be a buffer overflow within a core application plug-in, which is part of Adobe Acrobat and Adobe Reader (for an explanation of what a buffer overflow is, see the lower part of the CyTRAP110020 alert: http://casescontact.org/alerts/110020). If a malicious file were opened, it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat or Adobe Reader. This vulnerability is rated "critical" by the vendor, who recommends that users install the fix, with the upgrade, ASAP. C) IMPACT A buffer overflow can cause the application to crash and increase the risk of malicious code execution. |
|
| How does it affect me? | Should I Worry?
Yes. Adobe is a widely used program, and many desktops and notebooks come with Adobe Reader factory-installed. The vulnerability affects software versions running on Windows, Mac, Linux and Solaris operating systems. |
|
| Systems affected | Adobe Reader - Versions Adobe Acrobat - Versions Be aware that versions running on Mac OS as well as Linux or Solaris are also affected by this vulnerability. |
|
| Not affected systems | Other versions of Adobe Acrobat and Adobe Reader. Other PDF readers and software for creating PDF files are available (see the end of this alert for links to free downloads). | |
| Minimize your exposure to this threat - follow the steps outlined below | ||
| How do I fix it |
Fixes for the vulnerabilities are already available for Windows and Mac OS as follows:
http://www.adobe.com/support/downloads
For version 6.0-6.0.3, users should use the product's automatic update facility to install version 6.0.4, or alternatively download it from the above link. For version 5.0-5.0.5, users should download and install the 5.0.10
|
|
| Other Actions | Adobe Alternatives for Free Here: Just in case you want to create a PDF file in Word without using Adobe Acrobat, there is a free plug-in available here: http://security.weburb.dk/frame/show/news/3057 If you want to read a PDF file, you can use a program other than Adobe Reader that is also faster and has all the same features and more; download it from here: http://security.weburb.dk/frame/show/news/3744
French Version from CASES.lu ==> Adobe Acrobat vulnérable - procédez à une mise-à-jour: http://www.cases.public.lu/alertes/2005/08/17_acrobat/index.html |
|
| If you need more information, please read on. Otherwise follow the steps outlined above. | ||
| Source | Secunia | |
| Source URL | http://secunia.com/advisories/16466/ | |
| Source date | 2005-08-16 | |
| Other source URL | http://www.adobe.com/support/techdocs/321644.html | |
| Other source date | 2005-08-16 | |
| More information | Adobe | |
| CAN | CVE-2005-2470 | |
| CVE | CVE-2005-2470 | |
| Microsoft | - | |
| Secunia | SA16466 | |
| iDefense | -.- | |
| USCert | - | |
| CyTRAP labs ID | - | |
| Other source | Adobe Security Advisory 321644 | |
| Administrative | ||
| Author | Urs E. Gattiker - CyTRAP Labs | |
| Revisions | ||
| Contact details | Web: http://CASEScontact.org E-mail: support01 at CASEScontact.org Tel: +41(0)76-200-7778 or + 44(0)70-9237-6036 Fax: +44(0)70-9237-6036, dial 3 send fax |
|
|
--END of ADVISORY - Important Info Below-- | |
| We recommend that you VERIFY ALL ADVISORIES you receive IMMEDIATELY, by clicking on the link provided at the top of this alert. |
|
NO WARRANTY Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. |
|
CASES writers & sponsors do not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. Full DISCLAIMER notice at: http://www.casescontact.org/terms.php |
|
-- END of THREAT ALERT -- Copyright (c) 2007 by CyTRAP labs - Urs E. Gattiker. All rights reserved. | |