CVE-2004-0631

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/10932	Exploit Vendor Advisory
http://security.gentoo.org/glsa/glsa-200408-14.xml	Vendor Advisory
http://www.adobe.com/support/techdocs/322914.html
http://www.redhat.com/support/errata/RHSA-2004-432.html
http://www.idefense.com/application/poi/display?id=125&type=vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/16972

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:acrobat_reader:5.0:::::::*
	cpe:2.3:a:adobe:acrobat_reader:5.0.5:::::::*
	cpe:2.3:a:adobe:acrobat_reader:5.0.6:::::::*

Information

Published : 2004-08-17 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-0631

Mitre link : CVE-2004-0631

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

adobe

acrobat_reader

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/10932", "name": "10932", "tags": ["Exploit", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://security.gentoo.org/glsa/glsa-200408-14.xml", "name": "GLSA-200408-14", "tags": ["Vendor Advisory"], "refsource": "GENTOO"}, {"url": "http://www.adobe.com/support/techdocs/322914.html", "name": "http://www.adobe.com/support/techdocs/322914.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-432.html", "name": "RHSA-2004:432", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.idefense.com/application/poi/display?id=125&type=vulnerabilities", "name": "20040812 Adobe Acrobat Reader (Unix) 5.0 Uudecode Filename Buffer Overflow Vulnerability", "tags": [], "refsource": "IDEFENSE"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16972", "name": "adobe-acrobat-uudecode-bo(16972)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0631", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-08-18T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}