| | site-map | e-mail

User:

Guest

Name: Password:

www.center.hu / Archive / Security news / december, 2006 / Adobe Reader and Acrobat AcroPDF.dll denial of service vulnerability 

Adobe Reader and Acrobat AcroPDF.dll denial of service vulne

Adobe Reader and Acrobat AcroPDF.dll denial of service vulne

Date Discovered: 2006. november 28.
Date Published: 2006. december 4.
Last Updated: 2006. december 4.

Threat Assessment
Overall Risk: Medium
Impact:          High
Popularity:    Medium
Simplicity:     Medium

Vulnerability Description
Vulnerability ID:          34805
Discovered By:            Michal Bucko
Exploitable Locally:     No
Exploitable Remotely: Yes
Impact:                        A remote attacker can cause a denial of service condition.
Root Cause:                 Software Vulnerability

Adobe reader and Acrobat contain a vulnerability that can allow a remote attacker to cause a denial of service condition. The vulnerability is due to improper handling of malformed arguments passed to the ˝setPageMode()˝, ˝setLayoutMode()˝, ˝setNamedDest()˝, and ˝LoadFile()˝ methods by AcroPDF ActiveX control. An attacker can entice a user to visit a specially crafted website to cause a denial of service condition.

 

 

More information on CA Vulnerability Information Center: 
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34805

Computer Associates – the Trusted Source of Security Knowledge

 

2006-12-08 12:13

Back