Privilege Escalation RCE Injection SQL Buffer Overflow RCI XSS Patch Ransomware Risk
Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.
CWE-20 : Improper Input Validation
The product receives input or data, but it doesnot validate or incorrectly validates that the input has theproperties that are required to process the data safely andcorrectly. When custom input validation is required, such as when enforcing business rules, manual analysis is necessary to ensure that the validation is properly implemented. Fuzzing techniques can be useful for detecting input validation errors. When unexpected inputs are provided to the software, the software should not crash or otherwise become unstable, and it should generate application-controlled error messages. If exceptions or interpreter-generated error messages occur, this indicates that the input was not detected and handled within the application logic itself. Consider using language-theoretic security (LangSec) techniques that characterize inputs using a formal language and build "recognizers" for that language. This effectively requires parsing to be a distinct layer that effectively enforces a boundary between raw input and internal data representations, instead of allowing parser code to be scattered throughout the program, where it could be subject to errors or inconsistencies that create weaknesses. [REF-1109] [REF-1110] [REF-1111] Use an input validation framework such as Struts or the OWASP ESAPI Validation API. Note that using a framework does not automatically address all input validation problems; be mindful of weaknesses that could arise from misusing the framework itself (CWE-1173). Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls. When your application combines data from multiple sources, perform the validation after the sources have been combined. The individual data elements may pass the validation step but violate the intended restrictions after they have been combined. Be especially careful to validate all input when invoking code that crosses language boundaries, such as from an interpreted language to native code. This could create an unexpected interaction between the language boundaries. Ensure that you are not violating any of the expectations of the language with which you are interfacing. For example, even though Java may not be susceptible to buffer overflows, providing a large argument in a call to native code might trigger an overflow. Directly convert your input type into the expected data type, such as using a conversion function that translates a string into a number. After converting to the expected data type, ensure that the input's values fall within the expected range of allowable values and that multi-field consistencies are maintained. When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so. Chain: improper input validation (CWE-20) leads to integer overflow (CWE-190) in mobile OS, as exploited in the wild per CISA KEV. Chain: improper input validation (CWE-20) leads to integer overflow (CWE-190) in mobile OS, as exploited in the wild per CISA KEV. Chain: backslash followed by a newline can bypass a validation step (CWE-20), leading to eval injection (CWE-95), as exploited in the wild per CISA KEV. Chain: insufficient input validation (CWE-20) in browser allows heap corruption (CWE-787), as exploited in the wild per CISA KEV. Chain: improper input validation (CWE-20) in username parameter, leading to OS command injection (CWE-78), as exploited in the wild per CISA KEV. Chain: security product has improper input validation (CWE-20) leading to directory traversal (CWE-22), as exploited in the wild per CISA KEV. Improper input validation of HTTP requests in IP phone, as exploited in the wild per CISA KEV. Chain: improper input validation (CWE-20) in firewall product leads to XSS (CWE-79), as exploited in the wild per CISA KEV. Chain: caching proxy server has improper input validation (CWE-20) of headers, allowing HTTP response smuggling (CWE-444) using an "LF line ending" Eval injection in Perl program using an ID that should only contain hyphens and numbers. SQL injection through an ID that was supposed to be numeric. lack of input validation in spreadsheet program leads to buffer overflows, integer overflows, array index errors, and memory corruption. insufficient validation enables XSS driver in security product allows code execution due to insufficient validation infinite loop from DNS packet with a label that points to itself infinite loop from DNS packet with a label that points to itself missing parameter leads to crash HTTP request with missing protocol version number leads to crash request with missing parameters leads to information exposure system crash with offset value that is inconsistent with packet size size field that is inconsistent with packet size leads to buffer over-read product uses a denylist to identify potentially dangerous content, allowing attacker to bypass a warning security bypass via an extra header empty packet triggers reboot incomplete denylist allows SQL injection NUL byte in theme name causes directory traversal impact to be worse kernel does not validate an incoming pointer before dereferencing it anti-virus product has insufficient input validation of hooked SSDT functions, allowing code execution anti-virus product allows DoS via zero-length field driver does not validate input from userland to the kernel kernel does not validate parameters sent in from userland, allowing code execution lack of validation of string length fields allows memory consumption or buffer over-read lack of validation of length field leads to infinite loop lack of validation of input to an IOCTL allows code execution zero-length attachment causes crash zero-length input causes free of uninitialized pointer crash via a malformed frame structure infinite loop from a long SMTP request router crashes with a malformed packet packet with invalid version number leads to NULL pointer dereference crash via multiple "." characters in file extension
| 20050218 Adobe Reader invalid root page node Count value DOS
Third Party Advisory
Patch Vendor Advisory
Broken Link Not Applicable
|No known exploits|
Other (github, ...)
|No known exploits|
Take a picture of your computer network in a few clicks !
The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.