Rapid7 Vulnerability & Exploit Database

RHSA-2004:674: acroread security update

Back to Search

RHSA-2004:674: acroread security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
01/10/2005
Created
07/25/2018
Added
03/28/2008
Modified
07/04/2017

Description

An updated Adobe Acrobat Reader package that fixes a security issue is now available.

The Adobe Acrobat Reader browser allows for the viewing, distributing, and printing of documents in portable document format (PDF). iDEFENSE has reported that Adobe Acrobat Reader 5.0.9 contains a buffer overflow when decoding email messages. An attacker could create a malicious PDF file which could execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1152 to this issue. All users of Acrobat Reader are advised to upgrade to this updated package, which contains Acrobat Reader version 5.0.10 which is not vulnerable to this issue.

Solution(s)

  • redhat-upgrade-acroread
  • redhat-upgrade-acroread-plugin

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;