Adobe Reader is susceptible to a denial of service when the count value of a root page is set to a negative digit.
e425f612d9d694c26bdb66bdae05b00cd4ab166c5cc01a78de8ba4e9593863fb
Adobe Reader invalid root page node Count value DOS
Author
======
Fortinet,inc (hongzhen zhou <felix__zhou _at_ hotmail _dot_ com>)
Vulnerable
==========
Acrobat Reader 7.0.0 for Windows (English Version) -- latest version
Acrobat Reader 6.0.3 for Windows (Simplied Chinese Version)
( Other versions are not tested. )
Description
===========
When the "Count" value of the root page node set to a negative digit, the Adobe Reader may not crash immediately,
but if the user used mouse to click the client rectangle of the Reader immediately,
then it died. I change the "PageMode" value of "Catalog"
to "FullScreen"(that means display the document in full-screen mode),
then the Reader crashes immediately and automatically:).
POC
===
http://www.xfocus.net/tools/200502/POC.pdf