Executive Summary
Summary | |
---|---|
Title | Adobe Acrobat and Reader contain vulnerabilities in multiple Document Object JavaScript methods |
Informations | |||
---|---|---|---|
Name | VU#257117 | First vendor Publication | 2009-10-13 |
Vendor | VU-CERT | Last vendor Modification | 2009-10-27 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#257117Adobe Acrobat and Reader contain vulnerabilities in multiple Document Object JavaScript methodsOverviewA vulnerability in the way Adobe Acrobat and Reader enforce privileges on JavaScript in PDF files could allow arbitrary files to be written to the local file system of an affected system.I. DescriptionAdobe Reader and the Adobe Acrobat family of software are designed to create, view, and edit Portable Document Format (PDF) files. Adobe Reader is widely deployed, and the Acrobat Reader Plug-In displays PDF inside a web browser.Adobe Reader and Acrobat support JavaScript. According to the JavaScript for Acrobat API reference, certain methods are designed to be unavailable or have security restrictions in a non-privileged context. As a result, it should not be possible to call these methods from non-privileged events, such as page open or mouse-up. Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB09-15 and update vulnerable versions of Adobe Reader and Acrobat.
Prevent Internet Explorer from automatically opening PDF documents The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOTAcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Disable the displaying of PDF documents in the web browser Preventing PDF documents from opening inside a web browser reduces attack surface. If this workaround is applied to updated versions of Adobe Reader and Acrobat, it may protect against future vulnerabilities. To prevent PDF documents from automatically being opened in a web browser with Adobe Reader:
Systems Affected
References
Thanks to Richard van Eeden of IOActive, for reporting this issue. This document was written by Chad R Dougherty.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/257117 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5822 | |||
Oval ID: | oval:org.mitre.oval:def:5822 | ||
Title: | Adobe Reader and Acrobat cause Multiple Vulnerabilities | ||
Description: | The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2993 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-27 | Name : Gentoo Security Advisory GLSA 200910-03 (acroread) File : nvt/glsa_200910_03.nasl |
2009-10-27 | Name : SuSE Security Advisory SUSE-SA:2009:049 (acroread, acroread_ja) File : nvt/suse_sa_2009_049.nasl |
2009-10-22 | Name : Adobe Reader Multiple Vulnerabilities - Oct09 (Linux) File : nvt/gb_adobe_prdts_mult_vuln_oct09_lin.nasl |
2009-10-22 | Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Oct09 (Win) File : nvt/gb_adobe_prdts_mult_vuln_oct09_win.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1499 File : nvt/RHSA_2009_1499.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
58908 | Adobe Reader / Acrobat Multiple Unspecified Validation Weakness Arbitrary Cod... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Adobe Acrobat Reader doc.export arbitrary file write attempt RuleID : 16324 - Revision : 12 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6582.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6583.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6584.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6585.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_acroread-6588.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200910-03.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-091022.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-091022.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread-091022.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-091022.nasl - Type : ACT_GATHER_INFO |
2009-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1499.nasl - Type : ACT_GATHER_INFO |
2009-10-14 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb09-15.nasl - Type : ACT_GATHER_INFO |
2009-10-14 | Name : The PDF file viewer on the remote Windows host is affected by a memory corrup... File : adobe_reader_apsb09-15.nasl - Type : ACT_GATHER_INFO |