CVE-2004-0629: Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

3 documents, 3 sources

Severity: 7.5 HIGH (NVD)
EPSS: 20.8% (top 4.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 28; latest update Apr 29

Description

Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

NVD: adobe/acrobat_reader, 6 versions (+5)
NVD: adobe/acrobat, 5 versions (+4)

Patches

🔴 Vulnerability Details

GHSA (1)
2022-04-29  GHSA-xhv2-33qj-qmwc: Buffer overflow in the ActiveX component (pdf

📐 Framework References

CAPEC (1)
Embedding NULL Bytes
CVE-2004-0629 — Adobe Acrobat vulnerability | cvebase