Adobe Acrobat Buffer Overflow in ‘pdf.ocx’

SecurityTracker URL:
Impact:  Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes  
Advisory:  iDEFENSE
Version(s): 6.0.2 and prior versions
Description:  iDEFENSE reported a buffer overflow vulnerability in an ActiveX component of Adobe Acrobat. A remote user can execute arbitrary code on the target user’s system.

It is reported that a remote user can create a PDF file with a specially crafted embedded HTTP link so that when the file is opened, the buffer overflow will be triggered.

If the request is made to a web server (e.g., IIS, Netscape Enterprise Server) that truncates the request at the null byte (%00), the ActiveX component will overflow a buffer within the RTLHeapFree() function. Arbitrary code can be executed with the privileges of the target user.

The vendor was reportedly notified on April 14, 2004.

Rafel Ivgi is credited with discovering this flaw.

The original advisory is available at:
Impact:  A remote user can execute arbitrary code on the target system with the privileges of the target user.
Solution:  iDEFENSE reported that you can modify the Adobe Acrobat settings to prevent PDF files from being automatically opened when accessed via a web browser (under Edit, Preferences, uncheck “Display PDF in browser”)

iDEFENSE also reported that Adobe may have attempted to silently fix this flaw in version 6.0.2, but was unsuccessful.
Vendor URL:
Cause:  Boundary error
Underlying OS:  Windows (Any)

Leave a Reply