Buffer Overflow, coming to a PDF near you
March 5, 2004
Just when you thought those nifty little PDFs were the next best thing to, well, paper, along comes a rather nasty buffer overflow that allows attackers to execute local code. According to an advisory posted by NGSSoftware, the problem stems from the way Acrobat Reader parses XML-based XFDF files containing form data.
When the xfdf file is parsed, an unsafe call to sprintf is made in preparation for outputting a debug message using OutputDebugString. Whether the process is being debugged or not, the vulnerable code is still called. Rendering the file will trigger the overflow.
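An added example, not code from Adobe or from the NGSSoftware advisory: the unbounded sprintf pattern described above next to a bounded snprintf version that reports truncation. The buffer size, function names, message format and `debug_sink` (a portable stand-in for OutputDebugString) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEBUG_BUF_LEN 256  /* assumed size; the page gives no figure */

/* Stand-in for OutputDebugString so the example runs on any platform. */
static char last_debug_msg[DEBUG_BUF_LEN];
static void debug_sink(const char *msg) {
    strncpy(last_debug_msg, msg, sizeof last_debug_msg - 1);
    last_debug_msg[sizeof last_debug_msg - 1] = '\0';
}

/* Unsafe pattern: sprintf writes as many bytes as the file-supplied
 * value needs, so a long value runs past the end of buf. It executes
 * whether or not anything is listening for the debug message. */
void log_field_unsafe(const char *value) {
    char buf[DEBUG_BUF_LEN];
    sprintf(buf, "xfdf field value: %s", value);
    debug_sink(buf);
}

/* Hardened form: snprintf never writes more than sizeof buf bytes and
 * always NUL-terminates. Returns 0 if the message fit, 1 if it was
 * truncated, -1 on a formatting error. */
int log_field_safe(const char *value) {
    char buf[DEBUG_BUF_LEN];
    int n = snprintf(buf, sizeof buf, "xfdf field value: %s", value);
    if (n < 0)
        return -1;
    debug_sink(buf);
    return (size_t)n >= sizeof buf ? 1 : 0;
}

/* Length of the last message delivered to the sink. */
size_t last_debug_len(void) { return strlen(last_debug_msg); }

int main(void) {
    char oversized[1024];                 /* constructed sample input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("short: %d\n", log_field_safe("name=alice"));
    printf("long:  %d (kept %zu bytes)\n",
           log_field_safe(oversized), last_debug_len());
    return 0;
}
```

Because the formatting runs before the debug sink is consulted, compiling debug output out of release builds or bounding every such write is the only reliable fix; checking for an attached debugger afterwards does not help.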
Maybe Adobe should forget about XML and focus a bit more on helping readers (regardless of platform) "see" the same content in the same way. There is some good news, of course. According to Adobe, the current product is immune. Time to download.