Acrobat Reader at risk from security flaw

Adobe users are being warned of a serious problem affecting Acrobat Reader. The flaw leaves users open to attack via maliciously crafted PDF files, which can be spread via e-mail attachments or web page links, and can be used to take control of a system.

  • E-Mail
By  Caroline Denslow Published  July 17, 2005

Adobe users are being warned of a serious problem affecting Acrobat Reader. The flaw leaves users open to attack via maliciously crafted PDF files, which can be spread via e-mail attachments or web page links, and can be used to take control of a system. The vulnerability results from a buffer overflow in the application’s UnixAppOpenFilePerform() — a function Acrobat Reader calls while opening certain documents — which can be remotely exploited, allowing an attacker to execute arbitrary code. The impact of the vulnerability is somewhat lessened by the fact that two error messages appear before the exploit takes effect, but closing the message windows does not prevent the attack from taking place, iDefense said. The bug can be found in Acrobat Reader versions 5.0.9 and 5.0.10 for Unix, as well as its Linux counterparts. Acrobat for Windows and Acrobat 7.0 for Unix, however, are not affected. iDefense recommends caution when opening attachments or following links. It is also advisable to upgrade to an unaffected version, such as Acrobat Reader 7.0.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code