header-logo
Suggest Exploit
vendor:
Acrobat/Acrobat Reader
by:
SecurityFocus
7.5
CVSS
HIGH
Format String Vulnerability
134
CWE
Product Name: Acrobat/Acrobat Reader
Affected Version From: Adobe Acrobat/Acrobat Reader 5.0.5
Affected Version To: Adobe Acrobat/Acrobat Reader 6.0.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:adobe:acrobat_reader
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

Adobe Acrobat/Acrobat Reader Remote Format String Vulnerability

Adobe Acrobat/Acrobat Reader is reported prone to a remote format string vulnerability. The vulnerability is present in the ETD file parser when processing tag values. Reports indicate that the values supplied for certain tags are used as the format string in an unspecified formatted output function. Because an attacker can control the format string and the variables passed to the formatted output function, this vulnerability may be exploited to write to arbitrary locations within the memory of the process.

Mitigation:

Adobe has released an update to address this issue. Users are advised to apply the appropriate update.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11934/info

Adobe Acrobat/Acrobat Reader is reported prone to a remote format string vulnerability. The vulnerability is present in the ETD file parser when processing tag values. Reports indicate that the values supplied for certain tags are used as the format string in an unspecified formatted output function. Because an attacker can control the format string and the variables passed to the formatted output function, this vulnerability may be exploited to write to arbitrary locations within the memory of the process.

<title>|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|</title>
<baseurl>|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|%p|</baseurl>