Signature Detail
Short Name |
HTTP:STC:ADOBE:PDF-UUEXEC |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe Acrobat Reader uudecode() File Execution |
Release Date |
2004/11/08 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Adobe Acrobat Reader uudecode() File Execution
This signature detects a maliciously crafted PDF file downloaded through HTTP. Attackers can insert certain shell metacharacters at the beginning of a uuencoded PDF file to force Adobe Acrobat to execute arbitrary commands upon loading the file.
Extended Description
A remote code execution vulnerability is identified in Adobe Acrobat Reader. This issue may allow an attacker gain unauthorized access to a vulnerable computer. Acrobat Reader is affected by a shell metacharacter command execution vulnerability. This issue exists due to insufficient sanitization of user-supplied data by Acrobat Reader for Unix and Linux platforms. Successful exploitation can allow an attacker to use a specially crafted file name to execute arbitrary commands and applications through the shell. Adobe Acrobat Reader version 5.0 for Unix and Linux platforms is reported vulnerable to this issue. Acrobat Reader for Microsoft Windows platforms is not affected by this issue.
Affected Products
- Adobe Acrobat Reader (UNIX) 5.0.0
- Adobe Acrobat Reader (UNIX) 5.0.0 5
- Adobe Acrobat Reader (UNIX) 5.0.0 6
- Adobe Reader 5.0.0
- Adobe Reader 5.0.5
- Adobe Reader 5.0.6
- SuSE Linux Personal 9.0.0
- SuSE Linux Personal 9.0.0 X86 64
- SuSE Linux Personal 9.1.0
References