Adobe Acrobat/Reader JavaScript API DOC.print Function Resource Management Error

Vulnerability ID: 1187718 Vulnerability type: Resource management error
Published: 2008-02-11 Updated: 2008-11-25
CVE ID: CVE-2008-0667 CNNVD-ID: CNNVD-200802-169
Platform: N/A CVSS score: 4.3
|Vulnerability source
https://cxsecurity.com/issue/WLB-2008020027
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200802-169
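|Vulnerability details
Adobe Acrobat and Reader are both popular PDF readers. The DOC.print function of the JavaScript API, as used in Adobe Acrobat and Reader, allows remote attackers to configure silent, non-interactive printing and to trigger the printing of an arbitrary number of copies of a document. Note: this issue may be covered by CVE-2008-0655.
|Vulnerability EXP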
Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability

by cocoruder (frankruder (at) hotmail (dot) com)
http://ruder.cdut.net

Summary:

A design error vulnerability exists in Adobe Reader and Adobe
Acrobat Professional. A remote attacker who successfully exploits this
vulnerability can control the printer without the user's permission.

Affected Software Versions:

Adobe Reader 8.1.1 and earlier versions
Adobe Acrobat Professional, 3D and Standard 8.1.1 and earlier versions

Details:

Currently there are no details released because the final patch is
not available; more information will be added soon.

Solution:

Adobe has released an advisory for this vulnerability and a patch
for Adobe Reader which are available on:

http://www.adobe.com/support/security/advisories/apsa08-01.html

Fortinet advisory can be found at:

http://www.fortiguardcenter.com

CVE Information:

To be updated

Disclosure Timeline:

2007.11.01        Vendor notified
2007.11.02        Vendor responded
2008.02.07        Initial coordinated disclosure

--EOF--
|References

Source: US-CERT
Name: TA08-043A
Link: http://www.us-cert.gov/cas/techalerts/TA08-043A.html
Source: BID
Name: 27641
Link: http://www.securityfocus.com/bid/27641
Source: www.adobe.com
Link: http://www.adobe.com/support/security/advisories/apsa08-01.html
Source: SECUNIA
Name: 28851
Link: http://secunia.com/advisories/28851
Source: SECUNIA
Name: 28802; Patch Information
Link: http://secunia.com/advisories/28802
Source: BUGTRAQ
Name: 20080208 Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/487760/100/0/threaded
Source: REDHAT
Name: RHSA-2008:0144
Link: http://www.redhat.com/support/errata/RHSA-2008-0144.html
Source: VUPEN
Name: ADV-2008-1966
Link: http://www.frsirt.com/english/advisories/2008/1966/references
Source: VUPEN
Name: ADV-2008-0425
Link: http://www.frsirt.com/english/advisories/2008/0425/references
Source: MISC
Link: http://www.fortiguardcenter.com/advisory/FGA-2008-04.html
Source: SUNALERT
Name: 239286
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
Source: SECUNIA
Name: 30840
Link: http://secunia.com/advisories/30840
Source