“Adobe Acrobat/Acrobat Reader ActiveX Control Buffer Overflow Vulnerability…iDEFENSE has confirmed the existence of this vulnerability in Adobe Acrobat 5.0.5, specifically, pdf.ocx version 5.0.5.452. It is suspected that all current versions of Adobe Acrobat/Acrobat Reader are affected by this vulnerability….WORKAROUND Change Adobe Acrobat/Acrobat Reader settings to prevent PDF files from automatically opening when accessed via a web browser. When prompted, first save the file to disk before opening thereby closing the exploitation vector escribed….Adobe has stated that the vulnerability was patched in Adobe Acrobat Reader 6.0.2. However, iDEFENSE has tested proof of concept exploit code that will cause the latest version of Adobe Acrobat Reader (6.0.2) to crash. Adobe has not provided details on the status of a fix for Adobe Acrobat.

Adobe Acrobat Reader (Unix) 5.0 Uudecode Filename Buffer Overflow Vulnerability…Adobe Acrobat Reader (UNIX) versions 5.05 and 5.06 have been confirmed vulnerable; earlier versions that call the uudecode utility are also
thought to be vulnerable….While it is not clear exactly when the vulnerability was patched, iDEFENSE has tested Adobe Acrobat Reader (UNIX) 5.0.9, which appears to be patched against this vulnerability.”