Computer Security
[EN] securityvulns.ru no-pyccku


Adobe reader plugin PDF files universal crossite scripting
updated since 03.01.2007
Published:04.01.2007
Source:
SecurityVulns ID:6994
Type:client
Threat Level:
7/10
Description:1. By using URIs like http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here it's possible to execute code in context of any Web site where at least one PDF is stored. 2. By using "trigger action" in PDF document it's possible to execute code in context of the web page where document is stored. There are also more bugs exploitable thorugh a web page.
Affected:ADOBE : Acrobat Reader 6.0
 ADOBE : Acrobat Reader 7.0
CVE:CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045.)
 CVE-2007-0048 (Adobe Acrobat Reader Plugin before 8.0.0, when used with Internet Explorer, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL.)
 CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.)
 CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.)
 CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0 for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS).")
 CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding.")
Original documentdocumentStefano Di Paola, Adobe Acrobat Reader Plugin - Multiple Vulnerabilities (04.01.2007)
 documentMaximize Designs, Re: Unpatchable Quicktime XSS (03.01.2007)
 documentpdp (architect), [Full-disclosure] Universal XSS with PDF files: highly dangerous (03.01.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod