Network Computing is part of the Informa Tech Division of Informa PLC


Buffer Overflow, coming to a PDF near you

Just when you thought those nifty little PDFs were the next best thing to, well, paper, along comes a rather nasty buffer overflow that allows attackers to execute local code. According to an advisory posted by NGSSoftware, the problem stems from the way Acrobat Reader attempts to process XML-based XFDF files containing form data.

When the xfdf file is parsed, an unsafe call to sprintf is made in preparation for outputting a debug message using OutputDebugString. Whether the process is being debugged or not, the vulnerable code is still called. Rendering the file will trigger the overflow.
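The pattern the advisory describes, next to a bounded version, as an added C example (not code from Adobe or from the NGSSoftware advisory). The buffer size, format string and function names are assumptions, and the oversized input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define DBG_BUF 64  /* assumed size; the advisory excerpt gives no buffer size */

/* Unsafe pattern: file-controlled text is formatted into a fixed buffer
 * with no length limit, purely to build a debug string. It runs whether
 * or not a debugger is attached. Shown for comparison; never called here. */
void debug_msg_unsafe(const char *field, char *out /* DBG_BUF bytes */)
{
    sprintf(out, "xfdf field: %s", field);  /* writes past out if field is long */
}

/* Hardened form: bound the write and tell the caller about truncation.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on format error. */
int debug_msg_safe(const char *field, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "xfdf field: %s", field);
    if (n < 0) {
        if (outlen > 0)
            out[0] = '\0';
        return -1;
    }
    return (size_t)n >= outlen ? 1 : 0;
}

int main(void)
{
    char buf[DBG_BUF];
    char longfield[512];                    /* constructed oversized input */
    memset(longfield, 'A', sizeof longfield - 1);
    longfield[sizeof longfield - 1] = '\0';

    int fit = debug_msg_safe("name", buf, sizeof buf);
    printf("fit=%d msg=\"%s\"\n", fit, buf);

    int cut = debug_msg_safe(longfield, buf, sizeof buf);
    printf("truncated=%d len=%zu\n", cut, strlen(buf));
    return 0;
}
```

Compiling debug-only formatting out of release builds removes this code path entirely, which is the stronger fix when the message has no production use.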

Maybe Adobe should forget about XML and focus a bit more on helping readers (regardless of platform) "see" the same content in the same way. There is some good news, of course. According to Adobe, the current product is immune. Time to download.