
HTTP Adobe Acrobat Plugin XSS

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in Adobe Acrobat that allows an attacker to execute arbitrary JavaScript.

Additional Information

Adobe Reader is a PDF file reader plugin available for multiple browsers on multiple platforms.

The plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

The plugin has a feature called 'Open Parameters' that can be used through a URL to specify certain parameters when viewing a PDF. However, the parameters are not properly sanitized for malicious content. A malicious URI of the following form, where 'something' is one of the vulnerable parameters, is sufficient to exploit this issue:

http://[URL]/[FILENAME].pdf#something=JavaScript

An attacker can exploit this issue to execute arbitrary JavaScript in vulnerable web browsers in the context of a site hosting a PDF file. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
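As an added example (not Symantec's signature logic), the following Python checks a link for the pattern described above: a .pdf URL whose Open Parameters fragment carries a javascript: value. The hostnames and links it runs over are constructed.

```python
from urllib.parse import urlsplit, unquote

# Added example, not Symantec's signature: flags URLs whose PDF
# "Open Parameters" fragment carries a javascript: value, i.e. the
# #param=JavaScript form on a .pdf URL described on this page.

def open_parameters(fragment: str) -> list[tuple[str, str]]:
    """Split an Open Parameters fragment into (name, value) pairs.
    Parameters are separated by '&' (Adobe also accepts '#'); the value
    is percent-decoded so an encoded scheme cannot bypass the check."""
    pairs = []
    for part in fragment.replace("#", "&").split("&"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        pairs.append((name.strip().lower(), unquote(value)))
    return pairs

def flagged_parameters(url: str) -> list[tuple[str, str]]:
    """Return the Open Parameters whose value is a javascript: URI."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(".pdf") or not parts.fragment:
        return []
    hits = []
    for name, value in open_parameters(parts.fragment):
        # Drop whitespace/control characters a browser ignores before
        # the scheme, then compare case-insensitively.
        scheme = "".join(ch for ch in value if ch > " ").lower()
        if scheme.startswith("javascript:"):
            hits.append((name, value))
    return hits

def is_open_param_xss(url: str) -> bool:
    return bool(flagged_parameters(url))

# Constructed sample links (not real traffic) for a quick self-check.
SAMPLE_LINKS = [
    "http://example.test/docs/report.pdf#page=3",
    "http://example.test/docs/report.pdf#toolbar=0&nameddest=summary",
    "http://example.test/docs/report.pdf#x=javascript:TEST",
    "http://example.test/docs/report.pdf#a=1#y=%6Aava%73cript%3ATEST",
    "http://example.test/index.html#x=javascript:TEST",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print("SUSPECT" if is_open_param_xss(link) else "ok     ", link)
```

The same check can be applied to links in served HTML or to Referer values in web logs, since the fragment itself is never sent in the request line.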

This issue affects Adobe Reader versions 6 and 7 for Mozilla Firefox, Opera, and Microsoft Internet Explorer. Other versions for other browsers may also be affected.

Affected

  • Adobe Acrobat Reader 6.0.0
  • Adobe Acrobat Reader 6.0.1
  • Adobe Acrobat Reader 6.0.2
  • Adobe Acrobat Reader 6.0.3
  • Adobe Acrobat Reader 6.0.4
  • Adobe Acrobat Reader 7.0.0
  • Adobe Acrobat Reader 7.0.1
  • Adobe Acrobat Reader 7.0.2
  • Adobe Acrobat Reader 7.0.3
  • Adobe Acrobat Reader 7.0.4
  • Adobe Acrobat Reader 7.0.5
  • Adobe Acrobat Reader 7.0.6
  • Adobe Acrobat Reader 7.0.7
  • Microsoft Internet Explorer 6.0.0
  • Microsoft Internet Explorer 6.0.0 SP1
  • Mozilla Firefox 1.5.0
  • Mozilla Firefox 1.5.0.8
  • Mozilla Firefox 1.5.0.9
  • Mozilla Firefox 1.5.0 beta 1
  • Mozilla Firefox 1.5.0 beta 2
  • Mozilla Firefox 1.5.0.1
  • Mozilla Firefox 1.5.0.2
  • Mozilla Firefox 1.5.0.3
  • Mozilla Firefox 1.5.0.4
  • Mozilla Firefox 1.5.0.5
  • Mozilla Firefox 1.5.0.6
  • Mozilla Firefox 1.5.0.7
  • Mozilla Firefox 2.0
  • Mozilla Firefox 2.0 beta 1
  • Mozilla Firefox 2.0.0.1
  • Mozilla Firefox 2.0 RC2
  • Mozilla Firefox 2.0 RC3
  • Opera Software Opera Web Browser 9.10

Response

Upgrade to the latest version of Adobe Acrobat Reader and ensure that all patches are applied.

Possible False Positives

There are no known false positives associated with this signature.