SecurityTracker.com Archives - Adobe Acrobat Embedded Flash Capability Lets Remote Users Access Files on the Target User's System

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Adobe Acrobat

Vendors: Adobe Systems Incorporated

Adobe Acrobat Embedded Flash Capability Lets Remote Users Access Files on the Target User's System

SecurityTracker Alert ID: 1011651

SecurityTracker URL: http://securitytracker.com/id?1011651

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Updated: Oct 16 2004

Original Entry Date: Oct 13 2004

Impact: Disclosure of system information, Disclosure of user information

Exploit Included: Yes

Version(s): 6

Description: A vulnerability was reported in Adobe Acrobat and Acrobat Reader. A remote user can create a PDF file that, when viewed by the target user, can read files on the target user's system.

Jelmer reported that there is a vulnerability in the processing of embedded Macromedia Flash ('.swf') files within PDF files. The software stores the flash file in the target user's temporary directory and links to this temporary file to access the Flash content. As a result, the Flash code runs in the context of the Local Computer, allowing the Flash content to access files on the target user's system.

A demonstration exploit is available at:

http://62.131.86.111/security/acrobat/demo.pdf

The demonstration requires a text file named 'c:\jelmer.txt' on the target user's system.

Impact: A remote user can access files on the target user's system.

Solution: No solution was available at the time of this entry.

Nick Leoncavallo reported that, as a workaround, a user can disallow multimedia operations in the "Trust Manager" settings.

Vendor URL: www.adobe.com/ (Links to External Site)

Cause: Access control error

Underlying OS: Windows (Any)

Reported By: Jelmer <jkuperus@planet.nl>

Message History: None.

Source Message Contents

Date: Tue, 12 Oct 2004 15:56:32 +0200
From: Jelmer <jkuperus@planet.nl>
Subject: [Full-Disclosure] Adobe acrobat / Adobe Reader 6 can read local files

 

Adobe acrobat / Adobe Reader 6 can read local files

Description

Acrobat/ Acrobat reader is software for viewing and printing Adobe Portable
Document Format (PDF) files. Adobe PDF files can be viewed on most major
operating systems.

Version 6 of this program has an issue with the way it handles embedding
macromedia flash files directly into a pdf. This allows a malicious website
operator to steal local files from a user's hard drive including cookie
files

Technical Details:

Version 6 of the pdf format introduced a new way to embed movies directly
into the pdf file. In previous versions one could only link to media in
external files

Adobe reader extracts this swf file from the pdf and saves it under a random
name to your temp dir, on windows XP and 2000 this dir is usually located at

C:\Documents and Settings\<username>\Local Settings\Temp

It then appears to "link" directly to this saved file in effect making your
local hard disk the codebase for this swf file and allowing it read access
to all of the files on your hard drive

Systems affected:

Adobe reader 6
Adobe acrobat 6

Demonstration:

Create a text file called c:\jelmer.txt then proceed to click on 

http://62.131.86.111/security/acrobat/demo.pdf

Risk: medium


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2004, SecurityGlobal.net LLC