Oxygen3 24h-365d [Execution of remote code through Acrobat Reader - 4/25/05]

Execution of remote code through Acrobat Reader - Oxygen3 24h-365d, by Panda Software

Madrid, April 25, 2005 - Security Tracker has reported, at http://www.securitytracker.com/alerts/2005/Apr/1013774.html,a vulnerability in the well-known PDF reader, Adobe Acrobat Reader. This vulnerability could allow a remote user to run arbitrary code.

To do this, the remote user would need to create a specially crafted PDF file that, when loaded by Acrobat Reader, will trigger an Invalid-ID-Handle-Error in 'AcroRd32.exe'. Values supplied by the attacker could be written to certain memory locations and potentially executed.

As the problem has been reported recently, Adobe has not yet published an update. For this reason, users are advised to be careful with PDF files downloaded from dubious websites and to update the PDF reader as soon as Adobe releases the update. more...

NetClarity - Preemptive, Proactive Protection.
Originally Posted on 9/2/2005 10:05:28 AMContent source: http://www.antivirus-solutions.com/archives/2005/04/oxygen3_24h365d_177.html