{"vuid":"VU#31554","idnumber":"31554","name":"Adobe Acrobat products have buffer overflow in the CIDFont /Registry and /Ordering entries","keywords":["Adobe Acrobat","Ordering","CIDFont","Registry","buffer overflow","PDF"],"overview":"By embedding malicious code in a Portable Document Format (PDF) file, an attacker can cause arbitrary code to execute on the victim's system.","clean_desc":"The Adobe Acrobat PDF file format facility for specifying fonts contains buffer overflows in the /Registry and /Ordering entries. Neither of these entries is properly bounds checked, allowing an attacker to construct a malicious document which overflows an internal buffer and allows the execution of arbitrary code. These entries are in the CIDSystemInfo dictionary. CID stands for \"character identifier\". The /Registry entry specifies which organization issued the character collection, for example \"Adobe\". The /Ordering entry is supposed to uniquely identify a character collection issued by the registry. An example could be \"Japan1\". 
More information about the PDF document format is available in the \"Portable Document Format Reference Manual\" from Adobe.","impact":"An attacker could execute arbitrary code on systems running a vulnerable Adobe product when the user views a malicious PDF file.","resolution":"Apply a patch. Adobe released Version 4.05 Update 2, which corrects this problem: http://www.adobe.com/misc/pdfsecurity.html","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Cory F Cohen.","public":["http://www.securityfocus.com/bid/1509","http://www.adobe.com/misc/pdfsecurity.html"],"cveids":["CVE-2000-0713"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2000-08-03T19:48:41Z","publicdate":"2000-08-03T00:00:00Z","datefirstpublished":"2000-11-02T21:12:08Z","dateupdated":"2000-12-13T00:05:55Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"17","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"14","cam_impact":"17","cam_easeofexploitation":"7","cam_attackeraccessrequired":"8","cam_scorecurrent":"4.998","cam_scorecurrentwidelyknown":"5.7477","cam_scorecurrentwidelyknownexploited":"10.7457","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.998,"vulnote":null}