Greg MacManus has reported two vulnerabilities in Adobe Acrobat Reader, which can be exploited by malicious people to compromise a user's system.
1) An input validation error within the "uudecoding" feature allows injection of arbitrary shell commands. This can be exploited via a malicious PDF document with a specially crafted filename containing backtick shell metacharacters.
2) A boundary error within the "uudecoding" feature can be exploited to cause a buffer overflow via a malicious PDF document with an overly long filename.
Successful exploitation may allow execution of arbitrary code, but requires that a user is tricked into opening a malicious document.
The vulnerabilities have been reported in versions 5.05 and 5.06 for UNIX. Other versions may also be affected.
Solution: Version 5.09 for UNIX is not vulnerable.
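As an added example (not Adobe's code and not part of the original advisory), the following defensive parser rejects both classes of bad filename described above before the name is used anywhere. It assumes the filename is read from a uuencode `begin <mode> <name>` header line; `parse_begin_line`, `name_is_safe` and `NAME_MAX_LEN` are hypothetical names, and the sample lines are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 255  /* constructed limit for this example */

/* Allowlist check: letters, digits, '.', '_' and '-' only, and no leading
 * '-' or '.'. This excludes backticks and every other shell metacharacter. */
static int name_is_safe(const char *s, size_t n)
{
    if (n == 0 || s[0] == '-' || s[0] == '.')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Parse "begin <octal mode> <name>" into out (outsz bytes).
 * Returns 0 on success, -1 malformed, -2 name too long, -3 unsafe name. */
int parse_begin_line(const char *line, char *out, size_t outsz)
{
    if (strncmp(line, "begin ", 6) != 0)
        return -1;
    const char *p = line + 6;
    size_t digits = strspn(p, "01234567");
    if (digits < 3 || digits > 4 || p[digits] != ' ')
        return -1;
    p += digits + 1;
    size_t n = strcspn(p, "\r\n");
    if (n >= outsz || n > NAME_MAX_LEN)
        return -2;              /* refuse; never truncate or overflow */
    if (!name_is_safe(p, n))
        return -3;
    memcpy(out, p, n);          /* n < outsz was checked above */
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char name[64];
    /* constructed sample header lines */
    printf("%d\n", parse_begin_line("begin 644 report.pdf\n", name, sizeof name));
    printf("%d\n", parse_begin_line("begin 644 x`y`.pdf\n", name, sizeof name));
    return 0;
}
```

Even with validation in place, passing the name to a helper program as a separate argument vector element, rather than inside a shell command string, avoids shell interpretation altogether.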