File: 100000101.txt

Rule: 

--
Sid: 
100000101

-- 
Summary: 
This event is generated when an attempt is made to exploit a buffer overflow 
vulnerability present in the Adobe Acrobat/Acrobat Reader ActiveX control, 
pdf.ocx.

-- 

Impact: 
By using properly crafted packets, attackers may execute arbitrary code of 
their choosing with the privileges of the user running the affected software.

--
Detailed Information:
This rule detects attempts to overflow the heap of the Adobe Acrobat/Acrobat 
Reader ActiveX control, pdf.ocx. URI requests of 1,050 bytes or greater which 
are received by this control will cause a buffer overflow and allow arbitrary 
code execution with the privileges of the affected user. This rule is used in 
conjunction with SID 100000100.

--
Affected Systems:
Adobe Acrobat 5.0
Adobe Acrobat 5.0.5
Adobe Acrobat 6.0
Adobe Acrobat 6.0.1
Adobe Acrobat Reader 5.0
Adobe Acrobat Reader 5.0.5
Adobe Acrobat Reader 5.1
Adobe Acrobat Reader 6.0
Adobe Acrobat Reader 6.0.1

--

Attack Scenarios: 
A web browser or automated script may be used to exploit this vulnerability.

-- 

Ease of Attack: 
Simple. Typing a long URI into a web browser is sufficient.

-- 

False Positives:
None Known.

--
False Negatives:
None Known.

-- 

Corrective Action: 
Upgrade to Adobe Acrobat/Acrobat Reader 6.0.2.
An alternate workaround is available: disable "Display PDF in browser" under 
Edit -> Preferences.

--
Contributors: 
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>
Alex Kirk <alex.kirk@sourcefire.com>

-- 
Additional References:
http://www.adobe.com/support/downloads/thankyou.jsp?ftpID=2589&fileID=2433

--