Hyperdose Security Advisory Name: Local file detection found through Adobe Reader ActiveX control Systems Affected: Adobe Reader 7.0 and earlier Severity: Low Author: Robert Fly - robfly@hyperdose.com Advisory URL: http://www.hyperdose.com/advisories/H2005-06.txt --Adobe Description-- >From Adobe.com, "Adobe helps people and businesses communicate better through its world-leading digital imaging, design, and document technology platforms for consumers, creative professionals, and enterprises.". --Bug Details-- Adobe Reader contains a Safe for Scripting method with the definition of VARIANT_BOOL LoadFile([in] BSTR fileName). A malicious user can take advantage of this if they can get their victim to navigate to their malicious website. On the website, the attacker can call the LoadFile method, passing in a local file name on their victim's computer. Using this method, the attacker is able to determine file existence on their victim's machine. Through this method it is not possible to extract the content of the file. This attack would be useful as a stepping stone to further attacks. Knowing the existence of a local file an attacker can gain knowledge as to the software and likely versions of software the individual is using. NOTE: This bug was discovered by NISCC in parallel prior to the fix release. --Fix Information-- Upgrade info and further details from Adobe can be found here: http://www.adobe.com/support/techdocs/331465.html This fix was originally posted on 4/1/05. --About Hyperdose-- Hyperdose Security was founded to provide companies with application security knowledge through all parts of an application's security development lifecycle. We specialize in all phases of software development ranging from security design and architectural reviews, security code reviews and penetration testing. web www.hyperdose.com email robfly@hyperdose.com