[Full-Disclosure] Re: Adobe acrobat / Adobe Reader 6 can read local files

From: Jay Libove (libove_at_felines.org)
Date: 10/12/04

    To: full-disclosure@lists.netsys.com
    Date: Tue, 12 Oct 2004 13:00:36 -0400 (EDT)
    
    

    I have Acrobat Reader configured to NOT run Javascript. The demo did not
    work on my system (XP, SP2, Acrobat Reader v6.0.2 dated 5/18/2004).

    So, is having JavaScript enabled also a requirement in order for this
    embedded SWF exploit to work?

    -Jay Libove, CISSP

    > Message: 20
    > Date: Tue, 12 Oct 2004 15:56:32 +0200
    > From: Jelmer <jkuperus@planet.nl>
    > To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
    > Subject: [Full-Disclosure] Adobe acrobat / Adobe Reader 6 can read local files
    >
    > Adobe acrobat / Adobe Reader 6 can read local files
    >
    > Description
    >
    > Acrobat / Acrobat Reader is software for viewing and printing Adobe Portable
    > Document Format (PDF) files. Adobe PDF files can be viewed on most major
    > operating systems.
    >
    > Version 6 of this program has an issue with the way it handles embedding
    > Macromedia Flash files directly into a PDF. This allows a malicious website
    > operator to steal local files from a user's hard drive, including cookie
    > files.
    >
    > Technical Details:
    >
    > Version 6 of the PDF format introduced a new way to embed movies directly
    > into the PDF file. In previous versions one could only link to media in
    > external files.
    >
    > Adobe Reader extracts this SWF file from the PDF and saves it under a random
    > name to your temp dir; on Windows XP and 2000 this dir is usually located at
    >
    > C:\Documents and Settings\<username>\Local Settings\Temp
    >
    > It then appears to "link" directly to this saved file, in effect making your
    > local hard disk the codebase for this SWF file and allowing it read access
    > to all of the files on your hard drive.
    >
    > Systems affected:
    >
    > Adobe reader 6
    > Adobe acrobat 6
    >
    > Demonstration:
    >
    > Create a text file called c:\jelmer.txt then proceed to click on
    >
    > http://62.131.86.111/security/acrobat/demo.pdf
    >
    > Risk: medium

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
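The advisory quoted above turns on Reader 6 extracting an embedded Flash movie to the local temp directory and loading it from there. A defender who wants to know whether incoming PDFs carry embedded Flash at all (for example at a mail gateway, before the file reaches a Reader 6 user) can triage for it directly. The script below is an added example, not code from the advisory or from Adobe: it is a deliberately simplified byte-level scan, not a full PDF parser, that reports media annotation subtypes (`/Screen`, `/Movie`, and the later `/RichMedia`) and any stream whose body, after optional Flate inflation, begins with an SWF signature (`FWS`, `CWS`, `ZWS`). The sample PDF is constructed inside the script and contains only a fake SWF header; the Python 3.5+ bytes `%` formatting and the "dictionary sits between `N G obj` and `stream`" assumption are mine.

```python
import re
import sys
import zlib

# Signature bytes at the start of a Flash (SWF) file:
# uncompressed, zlib-compressed, LZMA-compressed.
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")

# Annotation subtypes that can carry media. /Screen and /Movie exist at the
# PDF 1.5 level used by Acrobat/Reader 6; /RichMedia is a later addition and is
# included so the same scan also covers newer files.
MEDIA_ANNOT_RE = re.compile(rb"/Subtype\s*/(Screen|Movie|RichMedia)\b")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def stream_payload(dictionary: bytes, data: bytes) -> bytes:
    """Return the stream body, inflated if the owning object's dictionary names
    FlateDecode. Other filters are left as-is: this is a triage heuristic."""
    if b"/FlateDecode" in dictionary:
        try:
            return zlib.decompress(data)
        except zlib.error:
            return data
    return data


def find_embedded_swf(pdf: bytes) -> dict:
    """Triage a PDF for embedded Flash content.

    Returns the media annotation subtypes present and the byte offset of every
    stream body that starts with an SWF signature once decoded."""
    annots = sorted({m.group(1).decode() for m in MEDIA_ANNOT_RE.finditer(pdf)})
    offsets = []
    for m in STREAM_RE.finditer(pdf):
        # Assumption: the stream dictionary lies between the enclosing
        # "N G obj" keyword and the "stream" keyword (true for ordinary files).
        obj_start = pdf.rfind(b" obj", 0, m.start())
        dictionary = pdf[obj_start:m.start()] if obj_start != -1 else b""
        if stream_payload(dictionary, m.group(1))[:3] in SWF_MAGICS:
            offsets.append(m.start(1))
    return {"media_annotations": annots, "swf_stream_offsets": offsets}


def build_sample_pdf() -> bytes:
    """Constructed sample (not a real Adobe file): one page with a Screen
    annotation, a Flate-compressed embedded-file stream holding a fake SWF
    header, and an ordinary page content stream that must not be flagged."""
    fake_swf = zlib.compress(b"CWS\x0a" + b"\x00" * 16)  # only the signature matters
    content = b"BT /F1 12 Tf 72 720 Td (hello) Tj ET"
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Annots [4 0 R] /Contents 6 0 R >>",
        b"<< /Type /Annot /Subtype /Screen /Rect [0 0 100 100] /A 7 0 R >>",
        b"<< /Type /EmbeddedFile /Filter /FlateDecode /Length %d >>\nstream\n"
        % len(fake_swf) + fake_swf + b"\nendstream",
        b"<< /Length %d >>\nstream\n" % len(content) + content + b"\nendstream",
        b"<< /Type /Action /S /Rendition /AN 4 0 R >>",
    ]
    body = b"".join(b"%d 0 obj\n%s\nendobj\n" % (i + 1, o) for i, o in enumerate(objs))
    return b"%PDF-1.5\n" + body + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    # Usage: python triage_swf.py [file.pdf]; with no argument the built-in sample is scanned.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pdf()
    report = find_embedded_swf(data)
    flagged = bool(report["media_annotations"] or report["swf_stream_offsets"])
    print("embedded Flash indicators:" if flagged else "no Flash indicators", report)
```

Because the scan works on raw bytes, it will miss streams inside object streams or behind filters other than FlateDecode, and it cannot tell a benign Flash movie from a hostile one; its purpose is to route files with embedded Flash to a stricter handling path, not to decide maliciousness.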

