Record created on 2005-04-04 18:04:24, last updated on 2008-03-02 23:51:09
Adobe Reader contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote attacker uses a malicious web page to call the .LoadFile() method exposed by ActiveX in Internet Explorer. The call triggers a flaw in Adobe Reader that discloses whether local files exist on the target system, resulting in a loss of confidentiality.
.LoadFile() is a method exposed by ActiveX in Internet Explorer that takes a filename as its argument. The existence of local files can therefore be discovered only if the attacker knows the complete pathnames and filenames in advance.
The contents of the files can't be accessed.
An attack can take place only when the recipient opens PDF documents directly with Internet Explorer via the Adobe Web Control ActiveX object.

| Vendor | Version | Status |
|---|---|---|
| Adobe Systems Incorporated | 6.0.2 | Affected |
| Adobe Systems Incorporated | 6.0.3 | Affected |
| Adobe Systems Incorporated | 6.0.4 | Affected |
| Adobe Systems Incorporated | 6.0.5 | Affected |
| Adobe Systems Incorporated | 7.0 | Affected |
| Adobe Systems Incorporated | 7.0.1 | Possibly Affected |
| Adobe Systems Incorporated | 7.0.2 | Possibly Affected |
| Adobe Systems Incorporated | 7.0.3 | Possibly Affected |
| Adobe Systems Incorporated | 7.0.5 | Possibly Affected |
| Adobe Systems Incorporated | 7.0.7 | Possibly Affected |
| Adobe Systems Incorporated | 7.0.8 | Possibly Affected |

Attack Type: Information Disclosure (comments, passwords, fingerprinting, system information).

Discovered on 2005-04-04 17:49:01

Impact: Loss of Confidentiality (assurance that data is protected and not disclosed to an unauthorized party). Examples: password disclosures, server information, environment variables, confirmation of file existence, path disclosure, file content access, some SQL injection.

Location: Remote / Network Access (network access is required and the exploit can be done remotely).

External refs: OSVDB 15242