[16091] in bugtraq


Re: [SPSadvisory#39]Adobe Acrobat Series PDF File Buffer Overflow

daemon@ATHENA.MIT.EDU (Dan Harkless)
Mon Aug 7 02:46:00 2000

Message-ID:  <200008042117.OAA15678@dilvish.speed.net>
Date:         Fri, 4 Aug 2000 14:17:58 -0700
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Message from UNYUN <shadowpenguin@BACKSECTION.NET> of "Thu, 27
              Jul 2000 01:42:21 +0900."
              <397F14ED21C.75B8SHADOWPENGUIN@ss.iij4u.or.jp>

UNYUN <shadowpenguin@BACKSECTION.NET> writes:
> SPS Advisory #39
> Adobe Acrobat Series PDF File Buffer Overflow
>
> UNYUN <shadowpenguin@backsection.net>
> Shadow Penguin Security (http://shadowpenguin.backsection.net)
> -------------------------------------------------------------
>
> [Date]
>
> July 26, 2000
>
> [vulnerable]
>
> Acrobat Reader 3.0J for Windows95/98/NT/2000
> Acrobat Reader 4.0J for Windows95/98/NT/2000
> Acrobat Reader 4.05J for Windows95/98/NT/2000
> Acrobat 3.0J for Windows95/98/NT/2000
> Acrobat 4.0J for Windows95/98/NT/2000
> Acrobat 4.05J for Windows95/98/NT/2000
> Adobe Acrobat Business Tools for Windows95/98/NT/2000
> Adobe Acrobat FillIn for Windows95/98/NT/2000
>
> [not vulnerable]
>
> Adobe Acrobat/Reader/FillIn/BusinessTools 4.05c
>
[...]

I take it you didn't test non-Japanese versions other than 4.05c?  The page
on the Adobe site you mention:

    http://www.adobe.com/misc/pdfsecurity.html

says that the "Affected products" are just the 4.05 versions (and "Fill
In"), but they also say that if you have earlier versions you should upgrade
to 4.05 before applying "Update 2".

It's therefore ambiguous whether, for instance, U.S. Acrobat Reader 4.0 is
affected.  Oh well, I guess I'll assume it is and download 4.05c at:

    http://www.adobe.com/products/acrobat/readmemain.html

----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.
