HTTP: Adobe Acrobat Reader ActiveX Component Heap Overflow

This signature detects attempts to exploit a known vulnerability in the Adobe Acrobat Reader ActiveX component. An attacker can send an overly long URL that, when interpreted by Adobe Acrobat, allows the attacker to execute arbitrary code on the target host.

Extended Description

The Adobe Acrobat/Acrobat Reader ActiveX control (pdf.ocx) is reported prone to a heap-based buffer overrun vulnerability. The issue arises from insufficient boundary checking on the URI data of GET requests. It is reported that Microsoft IIS and Netscape Enterprise servers employ NULL bytes as URI terminators, so these HTTP servers may be used to launch an attack. When a malicious URI is followed, the URI is copied into heap-based memory of the affected software without sufficient boundary checks, and the attacker-supplied URI data overwrites heap memory management chunks. Ultimately, a remote attacker may exploit this vulnerability to execute arbitrary code in the context of the user who is running the vulnerable software.

Affected Products

Adobe Acrobat

Short Name
HTTP:OVERFLOW:ACROBATX-HEAP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Acrobat ActiveX Adobe CVE-2004-0629 Component Heap Overflow Reader bid:10947
Release Date
08/18/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Adobe

CVSS Score

7.5
