In association with heise online

04 January 2007, 11:47

Holes in the Adobe Reader plug-in


A critical flaw in an ActiveX control in Adobe's Acrobat Reader 7, made public at the end of November 2006, had at least given users of Internet Explorer one good reason to upgrade to version 8. Now, Firefox users have three good reasons to switch to the current version of Firefox. Security specialists Giorgio Fedon and Elia Florio have discovered a total of four weak points in the Acrobat Reader 7 plug-in for browsers that reportedly allow code to be executed and cause the browser to crash. In addition, one hole in the plug-in allows attackers to carry out cross-site scripting (XSS) attacks. This fourth hole is noteworthy because classic XSS attacks have traditionally required a weak point in a website. In this case, however, all you need to do is append JavaScript to the URL of any PDF, like so:

http://trusted-server/file.pdf#FDF=javascript:alert('Test Alert')

When the link is launched, the PDF document opens, but the JavaScript code is also executed in the context of the trusted server. An attacker could then copy the login cookies for this website saved on the PC and misappropriate them for his own access. Symantec says that the problem could result in a major wave of attacks on users because almost everyone uses Adobe Reader. The security advisory lists a number of examples of possible attacks.

In addition, Fedon and Florio have reported a session-riding weak point that attackers can use to have a request sent to another website, without the user's knowledge, by appending a URL containing parameters to the link:

http://site.com/file.pdf#FDF=http://target/index.html?param=...

Users who click on such a link might unwittingly trigger an action on the target server, such as deleting data.

In their security advisory, the authors do not provide many details about how the malicious code is injected: they merely state that extra-long arguments can be used to overwrite parts of the Structured Exception Handler (SEH) on the stack, which may allow code to be executed in Firefox. Fedon and Florio say that they have developed a proof-of-concept exploit, but do not wish to publish it. Finally, the plug-in for Internet Explorer stumbles when too many hashes (#) have been added to a URL; the Reader waits for additional data, taking up a lot of memory in the process. As a result, Internet Explorer freezes.
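One way to flag such links before they reach a user, as an added example that is not code from the advisory or from this article: the function below parses the fragment of a PDF URL and reports the three patterns described above (the #FDF=javascript: XSS, the #FDF=http://other-host session-riding request, and a flood of # characters). Because browsers never send the fragment to the web server, a check of this kind belongs in a mail gateway or proxy that inspects links, not in web-server access logs; the sample URLs and the 50-hash threshold are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample links, modelled on the two URL patterns quoted in the
# article plus a harmless open-parameter, a '#'-flood and a non-PDF link.
SAMPLE_URLS = [
    "http://trusted-server/file.pdf#FDF=javascript:alert('Test Alert')",
    "http://site.com/file.pdf#FDF=http://target/index.html?param=delete",
    "http://site.com/file.pdf#page=3",
    "http://site.com/report.pdf" + "#" * 200,
    "http://site.com/index.html#FDF=javascript:alert(1)",
]

# Assumed cut-off for the IE hang: the article gives no exact count.
HASH_FLOOD_THRESHOLD = 50


def classify_pdf_link(url):
    """Return the list of findings for one URL (empty if nothing matched).
    Only links whose path ends in .pdf are examined, because the fragment is
    handed to the Reader plug-in as open-parameters only for PDF documents."""
    parts = urlsplit(url)
    findings = []
    if not parts.path.lower().endswith(".pdf"):
        return findings
    # Many '#' characters: the IE plug-in keeps waiting for data and hangs.
    if url.count("#") >= HASH_FLOOD_THRESHOLD:
        findings.append("hash-flood")
    pdf_host = (parts.hostname or "").lower()
    # parse_qsl splits the fragment on '&' and percent-decodes each value.
    for key, value in parse_qsl(parts.fragment, keep_blank_values=True):
        if key.lower() != "fdf":
            continue
        # Drop embedded whitespace so "java script:" is not missed.
        target = "".join(value.split()).lower()
        if target.startswith("javascript:"):
            findings.append("fdf-javascript-xss")  # runs in the PDF host's origin
        elif target.startswith(("http://", "https://")):
            fdf_host = (urlsplit(target).hostname or "").lower()
            if fdf_host != pdf_host:
                findings.append("fdf-cross-site-request")  # session-riding pattern
    return findings


def scan_links(urls):
    """Map each suspicious URL to its findings; clean links are omitted."""
    return {u: f for u in urls if (f := classify_pdf_link(u))}


if __name__ == "__main__":
    for url, findings in scan_links(SAMPLE_URLS).items():
        print(", ".join(findings), "<-", url)
```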

These flaws affect the browser plug-in contained in Adobe Reader 7.x. They were tested with Firefox 1.5.0.x and 2.x on Windows XP SP2 and Ubuntu 6.06.

See also:

(trk)

Permalink: http://h-online.com/-732054