Vulnerability Name:

CVE-2004-1152 (CCN-18477)

Assigned:2004-12-14
Published:2004-12-14
Updated:2017-07-11
Summary:Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-1152

Source: CCN
Type: RHSA-2004-674
acroread security update

Source: CCN
Type: SA13474
Adobe Acrobat Reader "mailListIsPdf()" Function Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
13474

Source: CCN
Type: Adobe Systems Web site
Acrobat Reader 5.0 system requirements

Source: CONFIRM
Type: UNKNOWN
http://www.adobe.com/support/techdocs/331153.html

Source: CCN
Type: CIAC Information Bulletin P-064
Adobe Reader 5.0.9 for UNIX "mailListIsPdf" function Vulnerability

Source: CCN
Type: GLSA-200412-12
Adobe Acrobat Reader: Buffer overflow vulnerability

Source: IDEFENSE
Type: Patch, Vendor Advisory
20041214 Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerability

Source: CCN
Type: iDEFENSE Security Advisory 12.14.04
Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerability

Source: CCN
Type: US-CERT VU#253024
Adobe Acrobat Reader for UNIX contains a buffer overflow in mailListIsPdf()

Source: CERT-VN
Type: US Government Resource
VU#253024

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:001

Source: CCN
Type: BID-11923
Adobe Acrobat Reader Email Message Remote Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
adobe-acrobat-maillistispdf-bo(18477)

Source: XF
Type: UNKNOWN
adobe-acrobat-maillistlspdf-bo(18477)

Source: SUSE
Type: SUSE-SR:2004:004
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2004:005
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:001
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat_reader:5.0.9:*:unix:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20041152
    V
    		CVE-2004-1152
    2015-11-16
    BACK
    adobe acrobat reader 5.0.9
    adobe acrobat reader 5.0.9
    gentoo linux *
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat rhel extras 3