Info

Disclosure

Dec 06, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 05, 2006

Description

Adobe Download Manager is affected by a remote buffer-overflow vulnerability. An attacker can exploit this issue by crafting a malicious AOM file and enticing a user to view a webpage containing the file. A successful attack may result in arbitrary code execution. This issue affects Adobe Download Manager 2.1 and prior versions.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Input Manipulation, Race Condition
Impact: Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit: Exploit Private, Exploit Unknown
Disclosure: OSVDB Verified

Solution

It is recommended that users uninstall Adobe Download Manager 2.1 and earlier using the instructions provided below.

Products

Adobe Systems Incorporated

Adobe Download Manager

2.1

References

Security Tracker: 1017340
CVE ID: 2006-5856 (see also: NVD)
Bugtraq ID: 21453
Secunia Advisory ID: 23233
ISS X-Force ID: 30742
CERT VU: 448569
VUPEN Advisory: ADV-2006-4867
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0092.html
http://archives.neohapsis.com/archives/bugtraq/2006-12/0113.html
Other Advisory URL: http://research.eeye.com/html/advisories/published/AD20061205.html
http://www.zerodayinitiative.com/advisories/ZDI-06-044.html
Vendor Specific Advisory URL: http://www.adobe.com/support/security/bulletins/apsb06-19.html

Credit

Anonymous through ZDI -
Derek Soeder - dsoedereeye.com - eEye Digital Security

Direct URL: http://osvdb.org/36218