Adobe Acrobat Vulnerabilities
Here we go again, another notch in my plugin vulnerabilities belt. I will not insult your intelligence by explaining what PDF is; but I will insult your intelligence by telling you that PDFs can be used to attack web browsers. Heading back to the CVE repository once more, we find the following problems with Adobe Acrobat Reader:
CVE-2006-3453: "Adobe Acrobat 6.0.4 and earlier" (according to the Adobe page, not CVE) have an unspecified problem which can cause a buffer overflow, which in turn can cause the standard DoS or potential code execution. The reason this is unspecified is that this was a preemptive bug strike by Adobe! Shock and awe!
CVE-2006-3093: From the Adobe link: "Fixes to address various Reader crashes." and "Security: several security bug fixes have been made, with one considered critical for the Macintosh OS and several considered to have a low rating for Windows." Another successful preemptive strike by Adobe! Take that, would-be |-|4x0rz!
CVE-2005-2470: Adobe Reader 5.1 through 7.0.2 have a buffer overflow. ISS X-Force found it, but I like the way that they reverse the traditional catch-all expression where you say it can cause a DoS and possibly remote code execution. They said "a remote attacker could overflow a buffer and execute arbitrary code on the system, or possibly cause a denial of service." so it's clearly easier to exploit than crash :). Work with me here, people; I have to grab at any amusement I can when I'm sifting through all these exploits which give almost no details and all look the same.
CVE-2005-1625: Ok, now we're doing a little better. This one is reported by iDefense, and we at least get a function name (UnixAppOpenFilePerform) and the parameter which is overly long (Filespec tag). However, this is quite limited in that it only affects Adobe Reader 5.0.9 and 5.0.10 for Unix.
CVE-2005-1306: Ok, this one is a little different as it's a file disclosure vulnerability. From the CVE: "The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script." I'm with Adobe on this one though, in that "the impact is minimized due to the fact that the existence of local files can only be discovered if the complete filenames and paths are known in advance by the attacker." This could still have possibly been used in clever ways to gain information for the attacker, so it's still worth thinking about, if only as a mental exercise. For instance: What useful information could you gain with this vulnerability? What other attacks would you combine that information with?
CVE-2005-0492: This is just a plain old DoS. It's not even clear to me that it guarantees that it would crash a browser in which it was loaded, or whether the plugin would just not work. However, since it is often the case that crashed plugins crash the clients, I have just included it for completeness.
CVE-2005-0035: Another file-existence disclosure vulnerability. So go back to CVE-2005-1306 above and do that mental exercise I recommended. :)
There are quite a few more for 2004, but I don't like writing lists for their own sake. I may update this article eventually to include them, but for now I will let you check them out on your own, if you are so inclined.
