lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 16 Jun 2005 17:08:38 +0200
From: "Sverre H. Huseby" <shh@...thost.com>
To: bugtraq@...urityfocus.com
Subject: Adobe Reader 7: XML External Entity (XXE) Attack


XML External Entity (XXE) Attack Possible in Adobe Reader 7
-----------------------------------------------------------

                                                    SHH #7, 2005-06-16

Description
-----------

Recent versions of Adobe Reader (previously known as Acrobat Reader)
are vulnerable to XML External Entity (XXE) Attacks.  By including a
JavaScript in a PDF file, and have this JavaScript parse an embedded
XML document with a reference to an external entity, it is possible to
read certain types of textual files on the local computer, and have
them sent to a remote attacker.


Details
-------

The hairy details (the problem description sent to Adobe), including
sample PDFs, are available on a separate web page:
  http://shh.thathost.com/secadv/adobexxe/


Solution
--------

Disable the use of JavaScript in Adobe Reader, or upgrade to a version
not vulnerable to this attack.


Vendor Notification
-------------------

The Adobe developers were notified on 2005-04-15.  They made a fix
available on 2005-06-15.


Affected versions
-----------------

Confirmed to work in version 7.0 and 7.0.1 on Microsoft Windows,
version 7.0 on GNU/Linux and version 7.0 on Mac OSX.

It is unknown whether the attack works in version 6, which also
supports JavaScript in PDF files.


Fixed versions
--------------

Adobe Reader version 7.0.2.
For Adobe's own advisory, see the following URL:
  http://www.adobe.com/support/techdocs/331710.html


Credits
-------

Thanks to Jeremiah Grossman for verifying that the attack also works
on the Mac OSX version of Adobe Reader.


----------------------------
Reported by Sverre H. Huseby


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ