Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0632

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0632
Last Modified 10 Sep 2008 03:27:03
Published 27 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0632

Summary

Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow.

Vulnerable Systems

Application

  • Adobe Acrobat 6.0

  • Adobe Acrobat 6.0.1

  • Adobe Acrobat Reader 6.0

  • Adobe Acrobat Reader 6.0.1


References

XF - adobe-acrobat-null-bo(16667)

MISC - http://www.adobe.com/support/techdocs/34222.htm

CONFIRM - http://www.adobe.com/support/techdocs/330527.html

IDEFENSE - 20040712 Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability


Last Updated: 27 May 2016 10:38:41