CVE-2004-0632Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

2 documents2 sources
Severity
7.5HIGHNVD
EPSS
23.2%
top 4.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedJul 27
Latest updateApr 29

Description

Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDadobe/acrobat_reader6.0, 6.0.1+1
NVDadobe/acrobat6.0, 6.0.1+1

🔴Vulnerability Details

1
GHSA
GHSA-7phx-pr8q-9fmf: Adobe Reader 62022-04-29
CVE-2004-0632 — Adobe Acrobat vulnerability | cvebase