SecurityTracker.com
Category:   Application (Generic)  >   Adobe Acrobat/Reader
Vendors:   Adobe Systems Incorporated
Adobe Acrobat URI Handling Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1018822
SecurityTracker URL:  http://securitytracker.com/id/1018822
CVE Reference:   CVE-2007-3896
Updated:  Apr 1 2008
Original Entry Date:  Oct 16 2007
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 8.1 and prior versions
Description:   A vulnerability was reported in Adobe Acrobat. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a PDF file with a specially crafted web link that, when loaded by the target user, will trigger a URI handling flaw and execute arbitrary commands on the target system. The commands will run with the privileges of the target user.

A demonstration exploit is available at:

http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf

cyanid-E reported this vulnerability.

Impact:   A remote user can create a file with a link that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.adobe.com/
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] 0-day PDF exploit

Zero day PDF exploit for Adobe Acrobat


Link to exploit:

Please download and open it locally in Adobe Acrobat (not in Adobe Acrobat
ActiveX control):

http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf


Description:

0-day proof of concept (PoC) exploit for Adobe Acrobat.


Software affected:

+ Adobe Reader 8.1 (and earlier)
+ Adobe Acrobat Standard, Pro and Elements 8.1 (and earlier)
+ Adobe Acrobat 3D


System affected:

+ Windows XP with IE7


Details:

To view exploit code in Adobe Acrobat go to: Pages -> Page Properties -> Actions
(trigger: Page Open, action: Open a web link)

This is a URL handling bug in shell32!ShellExecute()


Workaround:

Currently unavailable.


Thanks to:

pdp (at) gnucitizen.org for his investigation


regards,
cyanid-E <biz4rre@gmail.com>
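
A defender-side triage check for the structure the post describes (a Page Open trigger bound to an "Open a web link" action), added here as an example and not part of the original advisory or post: it lists URI actions reachable from /OpenAction or /AA entries in a PDF so they can be reviewed before the file is opened. It assumes uncompressed objects and literal-string URIs; SAMPLE_PDF, dict_at and auto_uri_actions are names made up for this illustration, and the sample bytes are constructed.

```python
import re

# Constructed sample (not the PoC from the post): page object 3 has a Page Open
# (/AA /O) web-link action; object 6 is an ordinary clickable link. Placeholder URIs.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R 5 0 R] /Count 2 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /AA << /O 4 0 R >> >> endobj\n"
    b"4 0 obj << /S /URI /URI (http://example.invalid/landing) >> endobj\n"
    b"5 0 obj << /Type /Page /Parent 2 0 R /Annots [6 0 R] >> endobj\n"
    b"6 0 obj << /Subtype /Link /A << /S /URI /URI (http://example.invalid/clicked) >> >> endobj\n"
)

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.S)
KEY_RE = re.compile(rb"/(OpenAction|AA)\b\s*")   # automatic-trigger keys
REF_RE = re.compile(rb"(\d+)\s+\d+\s+R\b")       # indirect reference "N G R"
DELIM_RE = re.compile(rb"<<|>>")
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")

def dict_at(body, pos):
    """Return the balanced << ... >> dictionary that starts at pos, or b''."""
    depth = 0
    for m in DELIM_RE.finditer(body, pos):
        depth += 1 if m.group() == b"<<" else -1
        if depth == 0:
            return body[pos:m.end()]
    return b""

def auto_uri_actions(pdf):
    """Return (object number, trigger key, URI) for URI actions under /OpenAction or /AA."""
    objs = {int(n): body for n, body in OBJ_RE.findall(pdf)}
    hits = []
    for num, body in sorted(objs.items()):
        for key in KEY_RE.finditer(body):
            ref = REF_RE.match(body, key.end())
            if ref:    # indirect value, e.g. /OpenAction 7 0 R
                value = objs.get(int(ref.group(1)), b"")
            else:      # inline dictionary; a destination array yields b""
                value = dict_at(body, key.end()) if body.startswith(b"<<", key.end()) else b""
            for r in REF_RE.findall(value):    # one more level: /AA << /O 4 0 R >>
                value += objs.get(int(r), b"")
            if re.search(rb"/S\s*/URI\b", value):
                hits += [(num, key.group(1).decode(), u.decode("latin-1"))
                         for u in URI_RE.findall(value)]
    return hits

if __name__ == "__main__":
    for hit in auto_uri_actions(SAMPLE_PDF):
        print("auto-triggered URI action:", hit)
```

Files that store objects in compressed object streams or encode the URI as a hex string need a real PDF parser in front of this check.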
