lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <0I5H001195EBYO@smtp13.wxs.nl>
Date: Tue, 12 Oct 2004 15:56:32 +0200
From: Jelmer <jkuperus@...net.nl>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Adobe acrobat / Adobe Reader 6 can read local files


Adobe acrobat / Adobe Reader 6 can read local files

Description

Acrobat/ Acrobat reader is software for viewing and printing Adobe Portable
Document Format (PDF) files. Adobe PDF files can be viewed on most major
operating systems.

Version 6 of this program has an issue with the way it handles embedding
macromedia flash files directly into a pdf. This allows a malicious website
operator to steal local files from a user's hard drive including cookie
files

Technical Details:

Version 6 of the pdf format introduced a new way to embed movies directly
into the pdf file. In previous versions one could only link to media in
external files

Adobe reader extracts this swf file from the pdf and saves it under a random
name to your temp dir, on windows XP and 2000 this dir is usually located at

C:\Documents and Settings\<username>\Local Settings\Temp

It then appears to "link" directly to this saved file in effect making your
local hard disk the codebase for this swf file and allowing it read access
to all of the files on your hard drive

Systems affected:

Adobe reader 6
Adobe acrobat 6

Demonstration:

Create a text file called c:\jelmer.txt then proceed to click on 

http://62.131.86.111/security/acrobat/demo.pdf

Risk: medium


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ