CVE-2006-6027

EXPLOITED

Adobe Acrobat Reader 7.0-7.0.8 - Denial of Service and Possible Remote Code Execution via Long LoadFile Argument

Title source: llm

Exploitation Summary

CVE-2006-6027 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Michal Bucko.

AI-analyzed exploit summary This exploit targets a vulnerability in Adobe Acrobat 7.0 by leveraging a buffer overflow in the `LoadFile` method of the AcroPDF ActiveX control. It uses a long string argument to trigger the overflow, potentially leading to arbitrary code execution.

Description

Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Michal Bucko · htmldoswindows

https://www.exploit-db.com/exploits/29076

View Code ZIP pw:eip

This exploit targets a vulnerability in Adobe Acrobat 7.0 by leveraging a buffer overflow in the `LoadFile` method of the AcroPDF ActiveX control. It uses a long string argument to trigger the overflow, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Adobe Acrobat 7.0

No auth needed

Prerequisites: Adobe Acrobat 7.0 installed · Internet Explorer to invoke the ActiveX control

MITRE ATT&CK