Adobe Acrobat obsahuje chybu, umož?ující (ve Windows) vzdálený p?ístup do PC, záplata ješt? není
14.10.2004Version(s): 6
Description: A vulnerability was reported in Adobe Acrobat and Acrobat Reader. A remote user can create a PDF file that, when viewed by the target user, can read files on the target user's system.
Jelmer reported that there is a vulnerability in the processing of embedded Macromedia Flash ('.swf') files within PDF files. The software stores the flash file in the target user's temporary directory and links to this temporary file to access the Flash content. As a result, the Flash code runs in the context of the Local Computer, allowing the Flash content to access files on the target user's system.
A demonstration exploit is available at:
http://62.131.86.111/security/acrobat/demo.pdf
The demonstration requires a text file named 'c:jelmer.txt' on the target user's system.
Impact: A remote user can access files on the target user's system.
Solution: No solution was available at the time of this entry.
Vendor URL: www.adobe.com/ (Links to External Site)
Cause: Access control error
Underlying OS: Windows (Any)
Zdroj: http://www.securitytracker.com/alerts/2004/Oct/1011651.htmlAutor: VK