CERT-In Advisory CIAD-2007-01
Multiple XSS vulnerabilities in Adobe Acrobat Plug-In
Original issue date: January 08, 2007
Severity Rating: Medium
Systems Affected
- Adobe Reader 7.0.8 and earlier versions
- Adobe Acrobat Standard, Professional and Elements 7.0.8 and earlier versions
- Adobe Acrobat 3D
- Adobe Acrobat Reader Plug-In before 8.0.0
Overview
Multiple cross-site scripting and code execution vulnerabilities have been reported in Adobe Acrobat Plug-In for different browsers such as Mozilla Firefox, Internet Explorer and Opera.
Description
1. Universal CSRF and session riding Vulnerability (CVE-2007-0044)
A vulnerability has been reported in Adobe Acrobat Plug-In for web browsers viz. Firefox, Internet Explorer and Opera while validating inputs to the FDF, XML and XFDF AJAX request parameters via a URL. A remote attacker could craft a URL to force the affected browser to make unauthorized requests to other websites, causing a Universal Cross-Site Request Forgery (CSRF) or session riding attack on the affected system.
2. Universal XSS Vulnerability (CVE-2007-0045)
UXSS is a particular type of Cross Site Scripting which could be triggered by exploiting flaws inside browsers, instead of leveraging the vulnerabilities against insecure web sites.
A vulnerability has been reported in Adobe Acrobat Plug-In for Firefox, while validating inputs to the FDF, XML and XFDF AJAX request parameters via a javascript: or res: URI. A remote attacker could inject arbitrary JavaScript (in a URL) to cause a Universal XSS attack on the affected system.
3. Remote code execution Vulnerability (CVE-2007-0046)
A vulnerability has been reported in Adobe Acrobat Plug-In for Mozilla Firefox due to improper functionality in the "Double MSVCRT.free()" method executed by the Acrobat plugin. This flaw could be exploited by causing a memory corruption error via a javascript: URI call to the document.write method in the FDF, XML or XFDF AJAX request parameters. Successful exploitation allows a remote attacker to execute arbitrary code on the affected system.
4. CRLF injection vulnerability (CVE-2007-0047)
A vulnerability has been reported in Adobe Acrobat Plug-In when used with Microsoft.XMLHTTP ActiveX object in Internet Explorer while validating inputs to the FDF, XML or XFDF AJAX request parameters.
This flaw could be exploited by attackers to conduct HTTP Response Splitting attacks via CRLF (Carriage Return and Line Feed) sequences in the javascript: URI in the affected parameters.
Workaround
Do not visit untrusted sites nor follow links from untrusted sources.
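To support the workaround in mail or proxy link triage, the following added example (not part of the CERT-In advisory or of Adobe's guidance) flags links to PDF files that carry the FDF, XML or XFDF parameters named in the Description. The function name, the labels it returns, the decision to inspect both the query string and the fragment, and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter names taken from the advisory's Description section.
SUSPECT_PARAMS = {"fdf", "xml", "xfdf"}
# URI schemes the advisory names as carriers of injected script.
SCRIPT_SCHEMES = ("javascript:", "res:")

# Constructed sample links (hypothetical hosts), used only to exercise the check.
SAMPLE_URLS = [
    "https://example.org/docs/report.pdf#page=3",
    "https://example.org/docs/report.pdf#FDF=javascript:void(0)",
    "https://example.org/docs/report.PDF?xfdf=https://other.example/form.xfdf",
    "https://example.org/docs/report.pdf#XML=javascript:void(0)%0d%0ax",
]


def triage_pdf_link(url):
    """Return (location, parameter, label) findings; an empty list means not flagged."""
    parts = urlsplit(url)
    if not unquote(parts.path).lower().endswith(".pdf"):
        return []
    findings = []
    # Assumption: the advisory does not say where in the URL the parameters
    # sit, so both the query string and the fragment are inspected.
    for where, raw in (("query", parts.query), ("fragment", parts.fragment)):
        # parse_qsl percent-decodes values, so encoded CR/LF become visible.
        for name, value in parse_qsl(raw, keep_blank_values=True):
            if name.strip().lower() not in SUSPECT_PARAMS:
                continue
            if "\r" in value or "\n" in value:
                label = "crlf"            # pattern described for CVE-2007-0047
            elif value.strip().lower().startswith(SCRIPT_SCHEMES):
                label = "script-uri"      # javascript: or res: URI in the parameter
            else:
                label = "open-parameter"  # parameter present; review the target
            findings.append((where, name, label))
    return findings


if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(sample, "->", triage_pdf_link(sample) or "not flagged")
```
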
Solution
Upgrade to version 8.0.0.
www.adobe.com/go/getreader
References
Adobe
http://www.adobe.com/support/security/advisories/apsa07-01.html
Wisec
http://www.wisec.it/vulns.php?page=9
Secunia
http://secunia.com/advisories/23483/
Security Focus
http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded
US-CERT
http://www.kb.cert.org/vuls/id/815960
CVE Name
CVE-2007-0044
CVE-2007-0045
CVE-2007-0046
CVE-2007-0047
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
