The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters (` or backtick) in the filename of the PDF file that is provided to the uudecode command.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Acrobat_reader | Adobe | 5.0 (including) | 5.0 (including) |
| Acrobat_reader | Adobe | 5.0.5 (including) | 5.0.5 (including) |
| Acrobat_reader | Adobe | 5.0.6 (including) | 5.0.6 (including) |
| Red Hat Desktop version 3 Extras | RedHat | * |
References
- http://security.gentoo.org/glsa/glsa-200408-14.xml
- http://www.adobe.com/support/techdocs/322914.html
- http://www.idefense.com/application/poi/display?id=124\u0026type=vulnerabilities
- http://www.redhat.com/support/errata/RHSA-2004-432.html
- http://www.securityfocus.com/bid/10931
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16973
- http://security.gentoo.org/glsa/glsa-200408-14.xml
- http://www.adobe.com/support/techdocs/322914.html
- http://www.idefense.com/application/poi/display?id=124\u0026type=vulnerabilities
- http://www.redhat.com/support/errata/RHSA-2004-432.html
- http://www.securityfocus.com/bid/10931
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16973