An individual has reported that Adobe Acrobat Reader for Unix systems is vulnerable to a buffer overflow condition. The error is allegedly related to the processing of hyperlinks, in the function "WWWLaunchNetscape". The flaw is triggered only when Netscape is set as the browser to be used in the preferences (this is the default configuration). This vulnerability may be exploited through maliciously constructed PDF files.
It should be noted that it is not confirmed that Acrobat Reader for Windows is not affected. Users of both versions should exhibit caution until there is a response from the vendor. 4.x versions of the reader are reportedly not prone to this issue.
# Demo for acroread 5.0.7 on Debian Linux
Writing TeX file ...
# For acroread 5.0.5 use 248 Bs instead of 504
open P, '>attack.tex';
print P '
Running pdflatex ...
system 'pdflatex attack';
Adobe Acrobat Reader WWWLaunchNetscape() function Buffer Overflow
Remote / Network Access
Loss of Integrity
A remote overflow exists in Adobe Acrobat Reader. The Adobe Acrobat Reader fails to validate the URL sent to the WWWLaunchNetscape() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.
Upgrade to version 5.0.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.