|
|
| |
| A vulnerability within the Adobe Reader and Acrobat web control has been identified. Under certain circumstances, if the Internet Explorer ActiveX control is directly invoked by a web page, it is possible to discover the existence of local files by monitoring the behavior of certain methods. |
| |
Credit:
The information has been provided by Hyperdose Security.
The original article can be found at: http://www.hyperdose.com/advisories/H2005-06.txt
|
| |
Adobe Reader contains a Safe for Scripting method with the definition of VARIANT_BOOL LoadFile([in] BSTR fileName). A malicious user can take advantage of this if they can get their victim to navigate to their malicious website. On the website, the attacker can call the LoadFile method, passing in a local file name on their victim's computer. Using this method, the attacker is able to determine file existence on their victim's machine. Through this method it is not possible to extract the content of the file.
This attack would be useful as a stepping stone to further attacks. Knowing the existence of a local file an attacker can gain knowledge as to the software and likely versions of software the individual is using.
NOTE: This bug was discovered by NISCC in parallel prior to the fix release.
Fix Information:
Upgrade info and further details from Adobe can be found here: http://www.adobe.com/support/techdocs/331465.html. This fix was originally posted on 4/1/05.
CVE Information:
CAN-2005-0035
|
|
|
|
|
