Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability
http://ruder.cdut.net, updated on 2008.05.06
Summary:
A design error vulnerability exists in Adobe Reader and Adobe Acrobat Professional. A remote attacker who successfully exploit this vulnerability can control the printer without user's permission.
Affected Software Versions:
Adobe Reader 8.1.1 and earlier versions
Adobe Acrobat Professional, 3D and Standard 8.1.1 and earlier versions
Details:
This vulnerablity due to the design error of the javascript fucntion "DOC.print()", following are the annotates of the function in Adobe's Javascript API Reference(named "js_api_reference.pdf"):
--START--
(Acrobat 7.0) Non-interactive printing can only be executed during batch, console, and menu events. Printing is made non-interactive by setting bUI to false or by setting the interactive property to silent, for example:
var pp = this.getPrintParams();
pp.interactive = pp.constants.interactionLevel.silent;
Outside of batch, console, and menu events, the values of bUI and of interactive are ignored and a print dialog box will always be presented.
--END--
But Adobe has not realized it in the current version, so we can call the printer silently without user's permission. The attacker can build a vicious PDF document, once the victim view the document with Adobe Acrobat Professional or Adobe Reader, it will waste a lot of the victim's printer resources. For example, attacker can build a PDF document including the following scripts:
var pp = this.getPrintParams();
pp.interactive = pp.constants.interactionLevel.silent;
for (var i=0;i<10000;i++)
{
this.print(pp);
}
It will print this document 1000 times without user's permission.
Solution:
Adobe has released an advisory for this vulnerability and a patch for Adobe Acrobat/Reader 8 but not for Adobe Acrobat/Reader 7 which are available on:
http://www.adobe.com/support/security/advisories/apsa08-01.html
Right now Adobe released the final advisory and patch which are available on:
http://www.adobe.com/support/security/bulletins/apsb08-13.html
Fortinet advisory can be found at:
http://www.fortiguardcenter.com
CVE Information:
CVE-2008-0655
Disclosure Timeline:
2007.11.01 Vendor notified
2007.11.02 Vendor responded
2008.02.07 Initial coordinated disclosure
2008.05.06 Final coordinated disclosure
--EOF--
评论Feed: http://www.neeao.com/blog/feed.asp?q=comment&id=5112
这篇日志没有评论.
