首页    新闻    下载    文档    论坛     最新漏洞    黑客教程    数据库    搜索    小榕软件实验室怀旧版    星际争霸WEB版    最新IP准确查询   
名称: 密码:      忘记密码  马上注册
安全知识 :: 专题文章

Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability


http://www.gipsky.com/
by cocoruder(frankruder@hotmail.com)

http://ruder.cdut.net, updated on 2008.05.06



Summary:



A design error vulnerability exists in Adobe Reader and Adobe Acrobat Professional. A remote attacker who successfully exploit this vulnerability can control the printer without user's permission.



Affected Software Versions:



Adobe Reader 8.1.1 and earlier versions

Adobe Acrobat Professional, 3D and Standard 8.1.1 and earlier versions



Details:



This vulnerablity due to the design error of the javascript fucntion "DOC.print()", following are the annotates of the function in Adobe's Javascript API Reference(named "js_api_reference.pdf"):



--START--



(Acrobat 7.0) Non-interactive printing can only be executed during batch, console, and menu events. Printing is made non-interactive by setting bUI to false or by setting the interactive property to silent, for example:



var pp = this.getPrintParams();

pp.interactive = pp.constants.interactionLevel.silent;



Outside of batch, console, and menu events, the values of bUI and of interactive are ignored and a print dialog box will always be presented.



--END--



But Adobe has not realized it in the current version, so we can call the printer silently without user's permission. The attacker can build a vicious PDF document, once the victim view the document with Adobe Acrobat Professional or Adobe Reader, it will waste a lot of the victim's printer resources. For example, attacker can build a PDF document including the following scripts:



var pp = this.getPrintParams();

pp.interactive = pp.constants.interactionLevel.silent;



for (var i=0;ihttp://www.adobe.com/support/security/advisories/apsa08-01.html



Right now Adobe released the final advisory and patch which are available on:



http://www.adobe.com/support/security/bulletins/apsb08-13.html



Fortinet advisory can be found at:



http://www.fortiguardcenter.com



CVE Information:



CVE-2008-0655



Disclosure Timeline:



2007.11.01 Vendor notified

2007.11.02 Vendor responded

2008.02.07 Initial coordinated disclosure

2008.05.06 Final coordinated disclosure



--EOF--
<< Yahoo! 助手(3721) ActiveX远程代码执行漏洞 Perl出现漏洞 >>
评分
10987654321
API:
gipsky.com& 安信网络
网友个人意见,不代表本站立场。对于发言内容,由发表者自负责任。

系统导航

 

Copyright © 2001-2010 安信网络. All Rights Reserved
京ICP备05056747号