Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Adobe Acrobat Reader XML Forms Data Format Buffer Overflow

Mar 4, 2004 12:07AM PST

Critical:
Moderately critical
Impact: System access

Where: From remote



Software: Adobe Acrobat Reader 5.x




Description:
NGSSoftware has discovered a vulnerability in Adobe Acrobat Reader, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the debugging functionality when parsing documents in the XML forms data format (".xfdf"). This can be exploited to cause a buffer overflow by tricking a user into viewing a specially crafted XFDF document.

The vulnerability has been reported in version 5.1.

Solution:
The vendor reports that the vulnerability isn't present in the current version of Adobe Reader.
http://www.adobe.com/products/acrobat/readstep2.html

Provided and/or discovered by:
David Litchfield, NGSSoftware.


http://secunia.com/advisories/11037/

Discussion is locked