[Full-Disclosure] Re: Adobe acrobat / Adobe Reader 6 can read local files

From: Jay Libove (libove_at_felines.org)
Date: 10/12/04

  • Next message: Daniel Sichel: "[Full-Disclosure] Possibly a stupid question RPC over HTTP"
    To: full-disclosure@lists.netsys.com
    Date: Tue, 12 Oct 2004 13:00:36 -0400 (EDT)
    
    

    I have Acrobat Reader configured to NOT run Javascript. The demo did not
    work on my system (XP, SP2, Acrobat Reader v6.0.2 dated 5/18/2004).

    So, is having JavaScript enabled also a requirement in order for this
    embedded SWF exploit to work?

    -Jay Libove, CISSP

    > Message: 20
    > Date: Tue, 12 Oct 2004 15:56:32 +0200
    > From: Jelmer <jkuperus@planet.nl>
    > To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
    > Subject: [Full-Disclosure] Adobe acrobat / Adobe Reader 6 can read local files
    >
    > Adobe acrobat / Adobe Reader 6 can read local files
    >
    > Description
    >
    > Acrobat/ Acrobat reader is software for viewing and printing Adobe Portable
    > Document Format (PDF) files. Adobe PDF files can be viewed on most major
    > operating systems.
    >
    > Version 6 of this program has an issue with the way it handles embedding
    > macromedia flash files directly into a pdf. This allows a malicious website
    > operator to steal local files from a user's hard drive including cookie
    > files
    >
    > Technical Details:
    >
    > Version 6 of the pdf format introduced a new way to embed movies directly
    > into the pdf file. In previous versions one could only link to media in
    > external files
    >
    > Adobe reader extracts this swf file from the pdf and saves it under a random
    > name to your temp dir, on windows XP and 2000 this dir is usually located at
    >
    > C:\Documents and Settings\<username>\Local Settings\Temp
    >
    > It then appears to "link" directly to this saved file in effect making your
    > local hard disk the codebase for this swf file and allowing it read access
    > to all of the files on your hard drive
    >
    > Systems affected:
    >
    > Adobe reader 6
    > Adobe acrobat 6
    >
    > Demonstration:
    >
    > Create a text file called c:\jelmer.txt then proceed to click on
    >
    > http://62.131.86.111/security/acrobat/demo.pdf
    >
    > Risk: medium

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Daniel Sichel: "[Full-Disclosure] Possibly a stupid question RPC over HTTP"

    Relevant Pages

    • Re: Windows XP Service Pack 2
      ... With regards to the antivirus warning: You can double-click on the "warning ... The easiest way I know to correct this is to uninstall the Adobe ... If you are already running the latest version of the adobe acrobat reader ... Make sure the checkboxes for "Display PDF in browser" and "Check Browser ...
      (microsoft.public.windowsxp.general)
    • Re: Convert MS word to PDF
      ... Earlier versions of Acrobat Reader did include this feature; Adobe Reader no ... it will list a pdf printer on your printer list. ... When you install Adobe Acrobat Reader, ...
      (microsoft.public.word.formatting.longdocs)
    • Re: Discover Card: Screw me? Screw you! (Discover Card Statements No Longer Viewable in Preview)
      ... "Adobe Reader" is the free tool to view pdf's. ... Please stop writing about "Acrobat Reader", ... Most Communications are provided in either HTML and/or PDF format. ...
      (comp.sys.mac.apps)
    • Re: Okular vs. Acroread.
      ... Adobe's fault that Acrobat reader will do this when asked by the pdf. ... Shame on adobe for thinking like microsoft, ... In the case of pdf, Adobe originally based it on a restricted and non-programmable version of postscript. ... They failed to realise that it doesn't have to be as complete an implementation as in browsers, and it certainly doesn't need to be fast - a slow but secure javascript engine would be a better choice. ...
      (comp.os.linux.misc)
    • iDEFENSE Security Advisory 07.05.05: Adobe Acrobat Reader UnixAppOpenFilePerform() Buffer Overflow V
      ... Adobe Acrobat Reader is a program for viewing Portable Document Format ... iDEFENSE has confirmed the existence of this vulnerability in Adobe ...
      (Bugtraq)