Bugtraq mailing list archives

Re: [SPSadvisory#39]Adobe Acrobat Series PDF File Buffer Overflow

From: Dan Harkless <dan-bugtraq () DILVISH SPEED NET>
Date: Fri, 4 Aug 2000 14:17:58 -0700

UNYUN <shadowpenguin () BACKSECTION NET> writes:

SPS Advisory #39
Adobe Acrobat Series PDF File Buffer Overflow

UNYUN <shadowpenguin () backsection net>
Shadow Penguin Security (http://shadowpenguin.backsection.net)
-------------------------------------------------------------

[Date]

July 26, 2000

[vulnerable]

Acrobat Reader 3.0J for Windows95/98/NT/2000
Acrobat Reader 4.0J for Windows95/98/NT/2000
Acrobat Reader 4.05J for Windows95/98/NT/2000
Acrobat 3.0J for Windows95/98/NT/2000
Acrobat 4.0J for Windows95/98/NT/2000
Acrobat 4.05J for Windows95/98/NT/2000
Adobe Acrobat Business Tools for Windows95/98/NT/2000
Adobe Acrobat FillIn for Windows95/98/NT/2000

[not vulnerable]

Adobe Acrobat/reader/FillIn/BuinessTools 4.05c

[...]

I take it you didn't test non-Japanese versions other than 4.05c?  The page
on the Adobe site you mention:

    http://www.adobe.com/misc/pdfsecurity.html

says that the "Affected products" are just the 4.05 versions (and "Fill
In"), but they also say that if you have earlier versions you should upgrade
to 4.05 before applying "Update 2".

It's therefore ambiguous whether, for instance, U.S. Acrobat Reader 4.0 is
affected.  Oh well, I guess I'll assume it is and download 4.05c at:

    http://www.adobe.com/products/acrobat/readmemain.html

----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.

Current thread:

Re: [SPSadvisory#39]Adobe Acrobat Series PDF File Buffer Overflow Dan Harkless (Aug 06)
- <Possible follow-ups>
- Re: [SPSadvisory#39]Adobe Acrobat Series PDF File Buffer Overflow Dan Harkless (Aug 07)