2.6 CVE-2005-0492

Privilege Escalation RCE Injection SQL Buffer Overflow RCI XSS Patch Ransomware Risk

 

Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.
https://nvd.nist.gov/vuln/detail/CVE-2005-0492

Categories

CWE-20 : Improper Input Validation
The product receives input or data, but it doesnot validate or incorrectly validates that the input has theproperties that are required to process the data safely andcorrectly. When custom input validation is required, such as when enforcing business rules, manual analysis is necessary to ensure that the validation is properly implemented. Fuzzing techniques can be useful for detecting input validation errors. When unexpected inputs are provided to the software, the software should not crash or otherwise become unstable, and it should generate application-controlled error messages. If exceptions or interpreter-generated error messages occur, this indicates that the input was not detected and handled within the application logic itself. Consider using language-theoretic security (LangSec) techniques that characterize inputs using a formal language and build "recognizers" for that language. This effectively requires parsing to be a distinct layer that effectively enforces a boundary between raw input and internal data representations, instead of allowing parser code to be scattered throughout the program, where it could be subject to errors or inconsistencies that create weaknesses. [REF-1109] [REF-1110] [REF-1111] Use an input validation framework such as Struts or the OWASP ESAPI Validation API. Note that using a framework does not automatically address all input validation problems; be mindful of weaknesses that could arise from misusing the framework itself (CWE-1173). Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls. When your application combines data from multiple sources, perform the validation after the sources have been combined. The individual data elements may pass the validation step but violate the intended restrictions after they have been combined. Be especially careful to validate all input when invoking code that crosses language boundaries, such as from an interpreted language to native code. This could create an unexpected interaction between the language boundaries. Ensure that you are not violating any of the expectations of the language with which you are interfacing. For example, even though Java may not be susceptible to buffer overflows, providing a large argument in a call to native code might trigger an overflow. Directly convert your input type into the expected data type, such as using a conversion function that translates a string into a number. After converting to the expected data type, ensure that the input's values fall within the expected range of allowable values and that multi-field consistencies are maintained. When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so. Chain: improper input validation (CWE-20) leads to integer overflow (CWE-190) in mobile OS, as exploited in the wild per CISA KEV. Chain: improper input validation (CWE-20) leads to integer overflow (CWE-190) in mobile OS, as exploited in the wild per CISA KEV. Chain: backslash followed by a newline can bypass a validation step (CWE-20), leading to eval injection (CWE-95), as exploited in the wild per CISA KEV. Chain: insufficient input validation (CWE-20) in browser allows heap corruption (CWE-787), as exploited in the wild per CISA KEV. Chain: improper input validation (CWE-20) in username parameter, leading to OS command injection (CWE-78), as exploited in the wild per CISA KEV. Chain: security product has improper input validation (CWE-20) leading to directory traversal (CWE-22), as exploited in the wild per CISA KEV. Improper input validation of HTTP requests in IP phone, as exploited in the wild per CISA KEV. Chain: improper input validation (CWE-20) in firewall product leads to XSS (CWE-79), as exploited in the wild per CISA KEV. Chain: caching proxy server has improper input validation (CWE-20) of headers, allowing HTTP response smuggling (CWE-444) using an "LF line ending" Eval injection in Perl program using an ID that should only contain hyphens and numbers. SQL injection through an ID that was supposed to be numeric. lack of input validation in spreadsheet program leads to buffer overflows, integer overflows, array index errors, and memory corruption. insufficient validation enables XSS driver in security product allows code execution due to insufficient validation infinite loop from DNS packet with a label that points to itself infinite loop from DNS packet with a label that points to itself missing parameter leads to crash HTTP request with missing protocol version number leads to crash request with missing parameters leads to information exposure system crash with offset value that is inconsistent with packet size size field that is inconsistent with packet size leads to buffer over-read product uses a denylist to identify potentially dangerous content, allowing attacker to bypass a warning security bypass via an extra header empty packet triggers reboot incomplete denylist allows SQL injection NUL byte in theme name causes directory traversal impact to be worse kernel does not validate an incoming pointer before dereferencing it anti-virus product has insufficient input validation of hooked SSDT functions, allowing code execution anti-virus product allows DoS via zero-length field driver does not validate input from userland to the kernel kernel does not validate parameters sent in from userland, allowing code execution lack of validation of string length fields allows memory consumption or buffer over-read lack of validation of length field leads to infinite loop lack of validation of input to an IOCTL allows code execution zero-length attachment causes crash zero-length input causes free of uninitialized pointer crash via a malformed frame structure infinite loop from a long SMTP request router crashes with a malformed packet packet with invalid version number leads to NULL pointer dereference crash via multiple "." characters in file extension

References

BUGTRAQ

CONFIRM Patch

SECUNIA

14813
Broken Link Not Applicable

VUPEN

ADV-2005-0310
Permissions Required

XF


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*

Patch

Url
http://www.adobe.com/support/techdocs/331468.html

Exploits

Exploit-db.com
id description date
No known exploits
Other (github, ...)
Url
No known exploits

CAPEC

id description severity
230 Serialized Data with Nested Payloads
High
231 Oversized Serialized Data Payloads
High
81 Web Server Logs Tampering
High
46 Overflow Variables and Tags
High
9 Buffer Overflow in Local Command-Line Utilities
High
47 Buffer Overflow via Parameter Expansion
High
24 Filter Failure through Buffer Overflow
High
8 Buffer Overflow in an API Call
High
42 MIME Conversion
High
67 String Format Overflow in syslog()
Very High
45 Buffer Overflow via Symbolic Links
High
10 Buffer Overflow via Environment Variables
High
14 Client-side Injection-induced Buffer Overflow
High
135 Format String Injection
High
52 Embedding NULL Bytes
High
53 Postfix, Null Terminate, and Backslash
High
120 Double Encoding
Medium
267 Leverage Alternate Encoding
High
80 Using UTF-8 Encoding to Bypass Validation Logic
High
72 URL Encoding
High
79 Using Slashes in Alternate Encoding
High
3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
Medium
71 Using Unicode Encoding to Bypass Validation Logic
High
64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
High
43 Exploiting Multiple Input Interpretation Layers
High
78 Using Escaped Slashes in Alternate Encoding
High
153 Input Data Manipulation
Medium
23 File Content Injection
Very High
261 Fuzzing for garnering other adjacent user/sensitive data
Medium
182 Flash Injection
Medium
73 User-Controlled Filename
High
473 Signature Spoof
109 Object Relational Mapping Injection
High
104 Cross Zone Scripting
High
22 Exploiting Trust in Client
High
13 Subverting Environment Variable Values
Very High
31 Accessing/Intercepting/Modifying HTTP Cookies
High
28 Fuzzing
Medium
136 LDAP Injection
High
88 OS Command Injection
High
85 AJAX Footprinting
Low
63 Cross-Site Scripting (XSS)
Very High
209 XSS Using MIME Type Mismatch
Medium
588 DOM-Based XSS
Very High
110 SQL Injection through SOAP Parameter Tampering
Very High
7 Blind SQL Injection
High
108 Command Line Execution through SQL Injection
Very High
664 Server Side Request Forgery
High
250 XML Injection
83 XPath Injection
High
101 Server Side Include (SSI) Injection
High

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution