Buffer Overflow Detected in Adobe Reader

Security researchers on Thursday warned of a “high risk” buffer overflow flaw in some versions of the Adobe Acrobat Reader that put users at risk of system takeover.

British security consultants NGSSoftware detected the vulnerability in the Reader's handling of the XML Forms Data Format (“.xfdf”) and warned that an attacker could cause a buffer overflow by tricking a user into viewing a specially crafted XFDF document.

The vulnerability affects Adobe Acrobat Reader 5.x. Adobe has corrected the flaw and is urging users to upgrade to the newer Adobe 6.0 software.

According to the NGSSoftware advisory, the flaw is particularly serious because XFDF files with a “.xfdf” extension are rendered automatically on download when using applications like Microsoft’s Internet Explorer browser.

“Rendering the file will trigger the overflow. A user would need to be enticed to a web site that hosted a malicious xfdf file or sent one via e-mail,” the company explained.

The Adobe Acrobat Reader is widely used to view and render PDF
