Security researchers on Thursday warned of a “high risk” buffer overflow
British security consultants NGSSoftware detected the vulnerability in the XML forms data format (“.xfdf”) and warned that a malicious attacker could cause a buffer overflow by tricking a user into viewing a specially crafted XFDF document.
The vulnerability affects Adobe Acrobat Reader 5.x. Adobe
has corrected the flaw and is urging users to upgrade to the newer Adobe 6.0 software.
According to the NGSSoftware advisory, the flaw is particularly serious because XFDF files with a “.xfdf” extension are rendered automatically on download when using applications like Microsoft’s Internet Explorer browser.
“Rendering the file will trigger the overflow. A user would need to be enticed to a web site that hosted a malicious xfdf file or sent one via e-mail,” the company explained.
The Adobe Acrobat Reader is widely used to view and render PDF