Saturday, February 3

Browser PDF Plug-ins at Risk

Exploit Surfaces in Web Browser PDF Plug-Ins


Several security firms have found a vulnerability in Adobe Reader that is surprisingly easy to trigger and also very dangerous.

The problem involves passing input from a URL to a hosted PDF file. The browser's PDF reader plug-in does not properly sanitize that data before returning it to users, so any data can be passed through. This can be exploited to execute arbitrary script code in a user's browser.

iDefense president Ken Dunham provided a simple proof of concept: tacking a little text onto the end of a link to a PDF file.

For example, the link:

"http://[URL]/[FILENAME].pdf#something=javascript:alert(123);"

would open a PDF file in the browser, and a pop-up box would appear on the user's screen with an alert that reads "123."

Because it runs JavaScript on the client, there is tremendous potential for dangerous activity, such as stealing cookie information or cross-site scripting.
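A browser never sends the part of a URL after `#` to the web server, so a server-side filter cannot see this input; the check has to run where the whole link is visible, such as a mail gateway or a page-content scanner. The following is an added example, not code from the article or from Adobe: it flags links with the shape of the proof of concept above, and every function name and sample host in it is an assumption made for illustration.

```javascript
// Added example: flag links to a .pdf whose #fragment carries a parameter
// value that is a "javascript:" URI, the shape quoted in the article.
// Function names are hypothetical; hosts used with it are constructed.

// Undo up to three rounds of percent-encoding so values such as
// "%6Aavascript:" or double-encoded variants are still recognised.
function safeDecode(s) {
  let out = s;
  for (let i = 0; i < 3; i++) {
    try {
      const next = decodeURIComponent(out);
      if (next === out) break;
      out = next;
    } catch (e) {
      break; // malformed escape: keep what we have
    }
  }
  return out;
}

// Conservative comparison: drop whitespace and control characters and
// ignore case before looking for the scheme.
function isScriptValue(value) {
  const v = safeDecode(value).replace(/[\u0000-\u0020]/g, "").toLowerCase();
  return v.startsWith("javascript:");
}

function inspectPdfLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch (e) {
    return { suspicious: false, reason: "unparseable" };
  }
  if (!/\.pdf$/i.test(safeDecode(url.pathname))) {
    return { suspicious: false, reason: "not a PDF link" };
  }
  const fragment = url.hash.slice(1);
  if (!fragment) return { suspicious: false, reason: "no fragment" };
  for (const pair of fragment.split("&")) {
    const eq = pair.indexOf("=");
    const value = eq === -1 ? pair : pair.slice(eq + 1);
    if (isScriptValue(value)) {
      return { suspicious: true, reason: "javascript: URI in fragment parameter" };
    }
  }
  return { suspicious: false, reason: "fragment looks benign" };
}
```

Ordinary PDF fragments such as `#page=4` pass through unflagged, so the check can sit in front of normal document links.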

Adobe said in a statement sent to internetnews.com that it is aware of the vulnerability "that could potentially affect previous versions of Adobe Reader." Adobe further noted the potential vulnerability does not affect the current version, 8, of Adobe Reader, which it encouraged users to download. "Adobe is also working on updates to previous versions that will resolve this issue," the company said.

Read complete article here.
