The problem specifically exists in the parsing of .etd files used in eBook transactions. An .etd file containing a format string in the 'title' or 'baseurl' fields can cause an invalid memory access. This vulnerability may allow for the execution of arbitrary code.
Example:
The following fields in an .etd file would trigger the vulnerability in a vulnerable Adobe Reader:
Successful exploitation allows an attacker to execute arbitrary code under the privileges of the local user. Remote exploitation is possible by sending a specially crafted e-mail and attaching either the maliciously crafted PDF document or a link to it.
Workaround:
It is possible to disable the parsing of .etd files.
Deleting the following file will prevent exploitation of this vulnerability: C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\eBook.api
This will not impact reading .PDF files. Removing this file prevents Adobe Reader from handling eBooks. When a file handled by this plugin is detected, an error dialog box will appear, offering to take the user to Adobe's website for information.
Vendor Status:
This vulnerability is addressed in Adobe Acrobat Reader 6.0.3. Downloads for platform specific versions are available at the links shown below:
