{"vuid":"VU#253024","idnumber":"253024","name":"Adobe Acrobat Reader for UNIX contains a buffer overflow in mailListIsPdf()","keywords":["Adobe","Acrobat Reader","arbitrary code execution","buffer overflow","mailListIsPdf()"],"overview":"A buffer overflow in Adobe Acrobat Reader for UNIX could allow a remote attacker to execute arbitrary code.","clean_desc":"Adobe Acrobat Reader is an application that allows users to view PDF (Portable Document Format) files. Acrobat Reader for UNIX (Linux, Sun Solaris SPARC, IBM AIX, or HP-UX) contains a buffer overflow in the mailListIsPdf() function. This function determines if the specified input file is an email message containing a PDF attachment. When parsing the email message, this function unsafely copies user-supplied data to a fixed size buffer.","impact":"An attacker could execute arbitrary code with privileges of the local user. Remote exploitation could be possible by attaching a specially crafted PDF to an email message.","resolution":"Upgrade Acrobat Reader\nThis issue is resolved in Acrobat Reader 5.0.10 for UNIX.","workarounds":"Patch acroread shell script The iDEFENSE Security Advisory 12.14.04 contains an unofficial patch for the acroread shell script. According to the advisory, this patch verifies that the files passed to the Acrobat Reader application are PDF documents.","sysaffected":"","thanks":"This vulnerability was reported by Greg MacManus.","author":"This document was written by Will Dormann, based on the information provided in the iDEFENSE Security Advisory 12.14.04 .","public":["http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities","http://www.adobe.com/support/techdocs/331153.html","http://secunia.com/advisories/13474/"],"cveids":["CVE-2004-1152"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-12-15T14:16:28Z","publicdate":"2004-12-14T00:00:00Z","datefirstpublished":"2005-01-20T22:23:21Z","dateupdated":"2005-03-09T15:36:08Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"10","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"14","cam_easeofexploitation":"2","cam_attackeraccessrequired":"15","cam_scorecurrent":"1.02375","cam_scorecurrentwidelyknown":"1.81125","cam_scorecurrentwidelyknownexploited":"3.38625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.02375,"vulnote":null}