exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

adobe-print-v2.txt

adobe-print-v2.txt
Posted May 7, 2008
Authored by cocoruder | Site ruder.cdut.net

A design error vulnerability exists in Adobe Reader and Adobe Acrobat Professional. A remote attacker who successfully exploit this vulnerability can control the printer without user's permission. Affected software versions include Adobe Reader 8.1.1 and below and Adobe Acrobat Professional 8.1.1 and below. This is an updated advisory.

tags | advisory, remote
advisories | CVE-2008-0655
SHA-256 | 2cbd1fa58213bb05a1302dcd79477d4bf94dbb3a84581019cd11a86426875dff

adobe-print-v2.txt

Change Mirror Download
[UPDATE]Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability

by cocoruder(frankruder@hotmail.com)
http://ruder.cdut.net, updated on 2008.05.06


Summary:

A design error vulnerability exists in Adobe Reader and Adobe
Acrobat Professional. A remote attacker who successfully exploit this
vulnerability can control the printer without user's permission.



Affected Software Versions:

Adobe Reader 8.1.1 and earlier versions
Adobe Acrobat Professional, 3D and Standard 8.1.1 and earlier versions



Details:

This vulnerablity due to the design error of the javascript
fucntion "DOC.print()", following are the annotates of the function in
Adobe's Javascript API Reference(named "js_api_reference.pdf"):

--START--

(Acrobat 7.0) Non-interactive printing can only be executed during
batch, console, and menu events. Printing is made non-interactive by
setting bUI to false or by setting the interactive property to silent,
for example:

var pp = this.getPrintParams();
pp.interactive = pp.constants.interactionLevel.silent;

Outside of batch, console, and menu events, the values of bUI and of
interactive are ignored and a print dialog box will always be
presented.

--END--

But Adobe has not realized it in the current version, so we can
call the printer silently without user's permission. The attacker can
build a vicious PDF document, once the victim view the document with
Adobe Acrobat Professional or Adobe Reader, it will waste a lot of the
victim's printer resources. For example, attacker can build a PDF
document including the following scripts:

var pp = this.getPrintParams();
pp.interactive = pp.constants.interactionLevel.silent;

for (var i=0;i<10000;i++)
{
this.print(pp);
}

It will print this document 1000 times without user's permission.



Solution:

Adobe has released an advisory for this vulnerability and a patch
for Adobe Acrobat/Reader 8 but not for Adobe Acrobat/Reader 7 which
are available on:

http://www.adobe.com/support/security/advisories/apsa08-01.html

Right now Adobe released the final advisory and patch which are
available on:

http://www.adobe.com/support/security/bulletins/apsb08-13.html

Fortinet advisory can be found at:

http://www.fortiguardcenter.com



CVE Information:

CVE-2008-0655



Disclosure Timeline:

2007.11.01 Vendor notified
2007.11.02 Vendor responded
2008.02.07 Initial coordinated disclosure
2008.05.06 Final coordinated disclosure



--EOF--
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close