Some bugs have been discovered in Adobe Reader and Adobe Acrobat, which may cause an included ActiveX control to crash.
The bugs are caused due to errors in the AcroPDF ActiveX control (AcroPDF.dll) when processing arbitrary arguments passed to the "setPageMode()", "setLayoutMode()", "setNamedDest()", and "LoadFile()" methods.
NOTE: Secunia has currently decided to treat these issues as crash bugs as further internal research and dialogue with the vendor indicates that no risk of potential remote code execution currently has been proven.
The bugs are confirmed in Adobe Reader 7.0.5 and 7.0.8 for Windows. They have also been reported in Adobe Reader 7.0.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform. Prior versions may also be affected.
Solution: Upgrade to version 8 or update to the latest version (see vendor's advisory for details).
Provided and/or discovered by: Originally reported in the "LoadFile()" method by Michal Bucko (sapheal), hack.pl.
Other bugs reported by FrSIRT.
Original Advisory: Adobe Systems:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Adobe Reader / Acrobat AcroPDF ActiveX Control Bugs
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.