Vulnerability Details CVE-2004-0632
Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.232
EPSS Ranking 95.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.adobe.com/support/techdocs/330527.html
- http://www.adobe.com/support/techdocs/34222.htm
- http://www.idefense.com/application/poi/display?id=116&type=vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16667
- http://www.adobe.com/support/techdocs/330527.html
- http://www.adobe.com/support/techdocs/34222.htm
- http://www.idefense.com/application/poi/display?id=116&type=vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16667
Products affected by CVE-2004-0632
-
cpe:2.3:a:adobe:acrobat:6.0
-
cpe:2.3:a:adobe:acrobat:6.0.1
-
cpe:2.3:a:adobe:acrobat_reader:6.0
-
cpe:2.3:a:adobe:acrobat_reader:6.0.1