SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Adobe Acrobat/Reader Vendors:   Adobe Systems Incorporated
Adobe Acrobat XML External Entity Error Lets Remote Users Determine File Existence
SecurityTracker Alert ID:  1014212
SecurityTracker URL:  http://securitytracker.com/id/1014212
CVE Reference:   CVE-2005-1306   (Links to External Site)
Date:  Jun 16 2005
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.0, 7.0.1
Description:   A vulnerability was reported in Adobe Acrobat in the processing of XML scripts. A remote user can determine if specified files exist on the target user's system.

A remote user can create an Adobe Acrobat PDF file including an XML script within Javascript that, when loaded by the target user, will be able to determine if files exist on the target system. The full path and filename must be specified.

The vendor credits Sverre H. Huseby with reporting this vulnerability.

Impact:   A remote user can determine the existence of files on the target user's system.
Solution:   The vendor has released a fixed version (7.0.2), available at:

http://www.adobe.com/support/downloads/

The fix is available for Windows-based systems. A fix for Mac OS will be available shortly. The vendor indicates that you can disable any Acrobat JavaScript as a workaround (choose Adobe > Preferences >JavaScript and deselect Enable Acrobat JavaScript).

Vendor URL:  www.adobe.com/support/techdocs/331710.html (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC