My Photo
Name:
Location: Blue Ridge, Va., United States

Wednesday, December 06, 2006

Adobe Download Manager AOM Buffer Overflow Vulnerability

Software:
Adobe Download Manager 1.x
Adobe Download Manager 2.x

Description:
A vulnerability has been reported in Adobe Download Manager, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when handling section names in the "dm.ini" file as created by Adobe Download Manager when processing AOM files. This can be exploited to cause a stack-based buffer overflow via a specially crafted AOM or "dm.ini" file.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.

The vulnerability is reported in version 2.1 and earlier.

Solution:
Update to version 2.2.
http://secunia.com/advisories/23233/
Original Advisory:
Adobe: http://www.adobe.com/support/security/bulletins/apsb06-19.html

 

0 Comments:

Post a Comment

<< Home