CVE-2004-0632

Description

Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow.

Affected products

• Adobe / acrobat6.0 – 6.0
• Adobe / acrobat6.0.1 – 6.0.1
• Adobe / Acrobat Reader6.0 – 6.0
• Adobe / Acrobat Reader6.0.1 – 6.0.1

References

• VENDOR_ADVISORYhttp://www.adobe.com/support/techdocs/34222.htm
• MISChttp://www.idefense.com/application/poi/display?id=116&type=vulnerabilities
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/16667
• VENDOR_ADVISORYhttp://www.adobe.com/support/techdocs/330527.html