Spyware, Viruses, & Security forum

Vulnerabilities - July 5, 2005

Security Advisory: Temporary file vulnerability due to Adobe Reader (Linux, Solaris, HP-UX, IBM-AIX)

Advisory Name: Temporary file vulnerability due to Adobe Reader

Release Date: July 05, 2005
Product: Adobe Reader 5.0.9, 5.0.10
Platform: Linux, Solaris, HP-UX, IBM-AIX
Vulnerability Identifier: CAN-2005-1841

Overview: A vulnerability within Adobe Reader has been identified. Under special circumstances, temporary files with elevated permissions are created when PDF documents are opened using Adobe Reader.

Adobe has solutions available that can rectify these issues. Please refer to the "Recommendations" section for further information.

Effect: If exploited, this vulnerability could make it possible for malicious, local users to view other users' PDF documents.

Details: The vulnerability is within the Adobe Reader control. When a PDF file is opened using Adobe Reader, randomly generated temporary files are created in the temporary folder. These temporary files could have elevated permissions based on the user's umask (permissions). However, these temporary files are deleted when the actual PDF document is closed.

Recommendations:

Do one of the following:

-- If you use Adobe Reader 5.0.9 or 5.0.10 on Linux or Solaris, download Adobe Reader 7.0 at www.adobe.com/products/acrobat/readstep2.html

-- If you use Adobe Reader 5.0.9 or 5.0.10 on IBM-AIX or HP-UX, download Adobe Reader 5.0.11 at www.adobe.com/products/acrobat/readstep2.html

Caveats: None

Vulnerability Identifier Cross-Reference: CVE ID: CAN-2005-1841

Acknowledgment: Adobe would like to thank Secunia, for reporting the issue.

http://www.adobe.com/support/techdocs/329121.html
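
The advisory above ties the temporary files' permissions to the user's umask. As an added example (not Adobe's code and not part of the original post), this C program contrasts a file created with a requested mode of 0666, an assumed creation pattern since the advisory does not say how Reader creates its files, with mkstemp(), which POSIX specifies to create the file with mode 0600.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkstemp() and mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create one temp file under the given umask and return its permission bits
 * (or -1 on error). use_mkstemp == 0 models a creator that asks for 0666 and
 * lets the umask decide (an assumption, not Adobe's code); 1 uses mkstemp(). */
static int created_mode(int use_mkstemp, mode_t mask)
{
    const char *base = getenv("TMPDIR");
    char dir[256], path[300];
    struct stat st;
    int fd, result = -1;

    /* Work inside a private scratch directory so the demo exposes nothing. */
    snprintf(dir, sizeof dir, "%s/umask-demo-XXXXXX", base ? base : "/tmp");
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/doc-XXXXXX", dir);

    mode_t old = umask(mask);
    if (use_mkstemp)
        fd = mkstemp(path);                                 /* requests 0600 */
    else
        fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0666);   /* 0666 & ~umask */
    umask(old);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

int main(void)
{
    const mode_t masks[] = { 022, 002, 077 };   /* constructed sample umasks */
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("umask %03o: open(0666) -> %04o, mkstemp() -> %04o\n", (unsigned)masks[i],
               (unsigned)created_mode(0, masks[i]), (unsigned)created_mode(1, masks[i]));
    return 0;
}
```

Under a umask of 022 or 002 the first pattern leaves the file readable by other local users, while the mkstemp() file stays owner-only whatever the umask is.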

Adobe Security Advisory: Buffer overflow vuln. in Reader

In reply to: Vulnerabilities - July 5, 2005

Security Advisory: Buffer overflow vulnerability in Adobe Reader (Linux, Solaris, HP-UX, IBM-AIX)

Advisory Name: Buffer overflow vulnerability in Adobe Reader
Release Date: July 05, 2005
Product: Adobe Reader 5.0.9, 5.0.10
Platform: Linux, Solaris, HP-UX, IBM-AIX
Vulnerability Identifier: CAN-2005-1625

Overview: A vulnerability within Adobe Reader has been identified. Under certain circumstances, remote exploitation of a buffer overflow in Adobe Reader could allow an attacker to execute arbitrary code.

Adobe has solutions available that can rectify these issues. Please refer to the "Recommendations" section for further information.

Effect: If exploited, it could allow the execution of arbitrary code under the privileges of the local user. Remote exploitation is possible if the malicious PDF document is sent as an email attachment or if the PDF document is accessed via a web link.

Details: The vulnerability is within the Adobe Reader control. Under special circumstances, if a malicious PDF file is opened using Adobe Reader, a stack buffer overflow could occur resulting in the execution of arbitrary code.

Recommendations:

Do one of the following:

-- If you use Adobe Reader 5.0.9 or 5.0.10 on Linux or Solaris, download Adobe Reader 7.0 at www.adobe.com/products/acrobat/readstep2.html.

-- If you use Adobe Reader 5.0.9 or 5.0.10 on IBM-AIX or HP-UX, download Adobe Reader 5.0.11 at www.adobe.com/products/acrobat/readstep2.html.

Caveats: None

Vulnerability Identifier Cross-Reference: CVE ID: CAN-2005-1625

Acknowledgment: Adobe would like to thank iDEFENSE Labs, for reporting the issue.

http://www.adobe.com/support/techdocs/329083.html

Security Update for Internet Explorer (KB903235)

In reply to: Vulnerabilities - July 5, 2005

Microsoft released a security update for Internet Explorer that affects Internet Explorer in Windows:

Security issues have been identified that could allow an attacker to compromise a computer running Internet Explorer and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

1. Security Update for Internet Explorer 6 Service Pack 1 (KB903235) - this update applies to Internet Explorer 6 SP1 in Windows XP SP1, Windows 2000 SP3, Windows 2000 SP4, Windows 98, Windows 98SE, Windows Millennium

Download the update via Microsoft Update or Windows Update website or manually get it from Microsoft Download Center - http://www.microsoft.com/downloads/details.aspx?FamilyID=2a506c16-01ef-4060-bcf8-6993c55840a9&DisplayLang=en

2. Security Update for Internet Explorer 5.01 for Windows 2000 (KB903235) - this update applies to Internet Explorer 5.01 in Windows 2000 SP4 and Windows 2000 SP3

Download the update via Microsoft Update or Windows Update website or manually get it from Microsoft Download Center - http://www.microsoft.com/downloads/details.aspx?FamilyID=25982e02-ec6d-44ce-82de-12ddef1addd6&DisplayLang=en

3. Security Update for Internet Explorer 5.5 Service Pack 2 (KB903235) - this update applies to Internet Explorer 5.5 SP2 in Windows Millennium Edition (Windows Me)

Download the update via Microsoft Update or Windows Update website or manually get it from Microsoft Download Center - http://www.microsoft.com/downloads/details.aspx?FamilyID=06f8cd1b-93a0-4522-af7d-603dd5c2bacb&DisplayLang=en

4. Security Update for Internet Explorer for Windows XP Service Pack 2 (KB903235) - this update applies to Internet Explorer in Windows XP SP2

Download the update via Microsoft Update or Windows Update website or manually get it from Microsoft Download Center - http://www.microsoft.com/downloads/details.aspx?FamilyID=c1381768-6c6d-4568-97b1-600db8798ebf&DisplayLang=en

5. Security Update for Internet Explorer for Windows Server 2003 (KB903235) - this update applies to Internet Explorer in Windows Server 2003 Family (Windows Server 2003; Windows Server 2003 Service Pack 1)

Download the update via Microsoft Update or Windows Update or SUS website or manually get it from Microsoft Download Center - http://www.microsoft.com/downloads/details.aspx?FamilyID=f368e231-9918-4881-9f17-60312f82183f&DisplayLang=en

6. Security Update for Internet Explorer for Windows Server 2003 x64-bit Edition (KB903235) - this update applies to Internet Explorer in Windows Server 2003, Datacenter x64 Edition; Windows Server 2003, Enterprise x64 Edition; Windows Server 2003, Standard x64 Edition

Download the update via Microsoft Update or Windows Update or SUS website or manually get it from Microsoft Download Center - http://www.microsoft.com/downloads/details.aspx?FamilyID=68209225-a682-4008-a22b-881c401486f7&DisplayLang=en

7. Security Update for Internet Explorer for Windows Server 2003 Itanium 64-bit Edition (KB903235) - this update applies to Internet Explorer in Windows Server 2003 Family Itanium 64-bit (Windows Server 2003; Windows Server 2003 Service Pack 1 for Itanium-base)

Download the update via Microsoft Update or Windows Update or SUS website or manually get it from Microsoft Download Center - http://www.microsoft.com/downloads/details.aspx?FamilyID=d785f9ab-dbe9-4272-a87e-64205690f98e&DisplayLang=en
