lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1114279187.9658@mx249a.mysite4now.com>
Date: Sat, 23 Apr 2005 10:51:50 -0700
From: "Hyperdose Security" <robfly@...erdose.com>
To: <bugtraq@...urityfocus.com>
Subject: Local file detection found through Adobe Reader ActiveX control


Hyperdose Security Advisory

Name: Local file detection found through Adobe Reader ActiveX control 
Systems Affected: Adobe Reader 7.0 and earlier
Severity: Low
Author: Robert Fly - robfly@...erdose.com 
Advisory URL: http://www.hyperdose.com/advisories/H2005-06.txt

--Adobe Description--
From Adobe.com, "Adobe helps people and businesses communicate better
through its world-leading digital imaging, design, and document technology
platforms for consumers, creative professionals, and enterprises.".  

--Bug Details--
Adobe Reader contains a Safe for Scripting method with the definition of
VARIANT_BOOL LoadFile([in] BSTR fileName).  A malicious user can take
advantage of this if they can get their victim to navigate to their
malicious website.  On the website, the attacker can call the LoadFile
method, passing in a local file name on their victim's computer.  Using this
method, the attacker is able to determine file existence on their victim's
machine.  Through this method it is not possible to extract the content of
the file.

This attack would be useful as a stepping stone to further attacks.  Knowing
the existence of a local file an attacker can gain knowledge as to the
software and likely versions of software the individual is using.

NOTE: This bug was discovered by NISCC in parallel prior to the fix release.

--Fix Information--
Upgrade info and further details from Adobe can be found here:
http://www.adobe.com/support/techdocs/331465.html
This fix was originally posted on 4/1/05.

--About Hyperdose--
Hyperdose Security was founded to provide companies with application
security knowledge through all parts of an application's security
development lifecycle.  We specialize in all phases of software development
ranging from security design and architectural reviews, security code
reviews and penetration testing.

web   www.hyperdose.com 
email robfly@...erdose.com





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ