Adobe Acrobat Reader “mailListIsPdf()” Function Buffer Overflow

iDEFENSE has reported a vulnerability in Adobe Acrobat Reader, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error in the “mailListIsPdf()” function when checking input files. This can be exploited to cause a buffer overflow by e.g. sending an e-mail with a malicious PDF document attached or a link to one. Successful exploitation allows execution of arbitrary code.

Secunia Advisory: SA13474
Release Date: 2004-12-15
Last Update: 2005-01-21

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: Adobe Acrobat Reader 5.x

CVE reference: CVE-2004-1152 (Secunia mirror)

Description:
iDEFENSE has reported a vulnerability in Adobe Acrobat Reader, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a boundary error in the “mailListIsPdf()” function when checking input files. This can be exploited to cause a buffer overflow by e.g. sending an e-mail with a malicious PDF document attached or a link to one.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been reported in version 5.0.9 for Unix. Prior versions may also be affected.

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/

Solution:
Update to version 5.0.10 for Unix.
http://www.adobe.com/products/acrobat/readstep2.html

Provided and/or discovered by:
Greg MacManus, iDEFENSE Labs.

Changelog:
2005-01-21: Added link to US-CERT vulnerability note.

Original Advisory:
Adobe: http://www.adobe.com/support/techdocs/331153.html

iDEFENSE: http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities

Other References:
US-CERT VU#253024: http://www.kb.cert.org/vuls/id/253024