Original URL: http://www.theregister.co.uk/2005/07/06/adobe_vuln/

Adobe update quells Unix PDF peril

Acrobat stability restored

By John Leyden

Posted in Security, 6th July 2005 10:26 GMT

In brief Adobe has issued patches for a common vulnerability in various Unix versions of its Acrobat Reader software to guard against possible hacker attack.

The vulnerability stems from a boundary error in the "UnixAppOpenFilePerform()" function when Acrobat Reader opens a document containing a "/Filespec" tag. This stack buffer overflow lets hackers construct a malicious PDF file which, if opened by a user, could be used to inject hostile code onto vulnerable systems. This arbitrary code would execute with the privileges of the user running a vulnerable version of Acrobat Reader for Unix (versions 5.0.9 and 5.0.10).

Adobe users on Linux and Solaris platforms are advised to upgrade to Adobe Reader 7.0. IBM-AIX and HP-UX users need to step up to Adobe Acrobat Reader 5.0.11. Adobe has published an advisory explaining the issue. There's more info in a bulletin from security firm iDEFENSE, which discovered the security bug. ®
