Security Vulnerability: Buffer Overflow in Adobe Reader 5.x on Linux / Solaris
There is a security in Adobe Reader 5.x for Linux, Solaris, HP-UX and IBM-AIX that allows malicious PDF’s to execute arbitrary code on a local machine with privileges of a local user.
Buffer overflows are of the worst type security holes since they allow the execution of any type of code. That code could be anything, and with that kind of control, a typical malicous use would be the installation of adware, spyware, or viruses that could zombify your computer.
This exploit was found and reported to Adobe by iDEFENSE labs. There is no patch for the vulnerability. Your only defense is to upgrade your version of Adobe Reader to at least 7.x. This should be no problem for most of you and is a recommended upgrade for many reasons. The only drawback could be older computers that are running version 5.x on purpose because of the lower system requirements. If that is the case, just be extra careful downloading/opening PDF’s from unverified sources and as a general rule, don’t open PDF attachments from the web or as email attachments.
