
Web Attack: Adobe Acrobat XSS

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in Adobe Acrobat that allows an attacker to execute arbitrary JavaScript.

Additional Information

Adobe Reader is a PDF file reader plugin available for multiple browsers on multiple platforms.

The plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

The plugin has a feature called 'Open Parameters' that can be used through a URL to specify certain parameters when viewing a PDF. However, the parameters are not properly sanitized for malicious content. A malicious URI of the following form, where 'something' is one of the vulnerable parameters, is sufficient to exploit this issue:

http://[URL]/[FILENAME].pdf#something=JavaScript

An attacker can exploit this issue to execute arbitrary JavaScript in vulnerable web browsers in the context of a site hosting a PDF file. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
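The link shape described above lends itself to a simple content check. The following is an added example, not part of the Symantec signature and not Symantec's detection logic: it flags URLs that point at a .pdf and carry a fragment parameter whose value is a javascript: URL (the page gives only the '#something=JavaScript' shape; treating a javascript: scheme as the indicator is this example's assumption, and 'something', example.test and the sample HTML are constructed). Because browsers never send the '#...' fragment to the origin server, web-server access logs will not show these links; the check belongs on content where the full link is visible, such as HTML or mail bodies passing through a proxy or mail gateway.

```python
"""Flag links of the form <site>/<file>.pdf#<param>=javascript:... in content.

Added example for this signature page; host names, parameter name and sample
HTML below are constructed, not taken from a real incident.
"""
import re
from typing import Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Whitespace and control characters that browsers drop inside a scheme
# (e.g. 'java\tscript:'), so we drop them before comparing.
_CTRL_WS = re.compile(r"[\s\x00-\x1f]")
_HREF = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def _normalise(value: str) -> str:
    # Decode twice to catch single and double percent-encoding, then strip
    # whitespace/control characters and lower-case for comparison.
    decoded = unquote(unquote(value))
    return _CTRL_WS.sub("", decoded).lower()


def open_parameter_xss(url: str) -> Optional[dict]:
    """Return a finding if `url` has the Acrobat open-parameter XSS shape, else None.

    Shape: a .pdf path with a '#name=value&...' fragment where some value is a
    javascript: URL. Legitimate open parameters (e.g. '#page=3&zoom=100') pass.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https", "file", ""):
        return None
    if not unquote(parts.path).lower().endswith(".pdf"):
        return None
    if not parts.fragment:
        return None
    # Open Parameters are encoded like a query string inside the fragment.
    for name, value in parse_qsl(parts.fragment, keep_blank_values=True):
        if _normalise(value).startswith("javascript:"):
            return {"url": url, "parameter": name, "value": value}
    return None


def scan_html(html: str) -> list:
    """Return one finding per href in `html` that matches the XSS link shape."""
    findings = []
    for href in _HREF.findall(html):
        hit = open_parameter_xss(href)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample content: one legitimate open-parameter link, one link to a
# non-PDF resource, and three PDF links carrying a javascript: value in the
# fragment (plain, percent-encoded scheme, and tab-obfuscated scheme).
SAMPLE_HTML = """
<a href="https://example.test/docs/report.pdf#page=3&zoom=100">Report, page 3</a>
<a href="https://example.test/docs/report.pdf#something=javascript:void(0)">link</a>
<a href="https://example.test/docs/report.pdf#something=JAVASCRIPT%3Avoid(0)">link</a>
<a href="https://example.test/index.html#something=javascript:void(0)">link</a>
<a href="https://example.test/docs/report.pdf?v=2#other=1&something=java%09script:void(0)">link</a>
"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print(f"open-parameter XSS shape: param={finding['parameter']!r} url={finding['url']}")
```

Legitimate uses of Open Parameters (page, zoom, named destinations) are left alone; only a value whose decoded, de-obfuscated scheme is javascript: is reported, so the check can run inline on a content gateway without blocking ordinary deep links into PDFs.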

This issue affects Adobe Reader versions 6 and 7 for Mozilla Firefox, Opera, and Microsoft Internet Explorer. Other versions for other browsers may also be affected.

Affected

  • Adobe Acrobat Reader 6.0.0
  • Adobe Acrobat Reader 6.0.1
  • Adobe Acrobat Reader 6.0.2
  • Adobe Acrobat Reader 6.0.3
  • Adobe Acrobat Reader 6.0.4
  • Adobe Acrobat Reader 7.0.0
  • Adobe Acrobat Reader 7.0.1
  • Adobe Acrobat Reader 7.0.2
  • Adobe Acrobat Reader 7.0.3
  • Adobe Acrobat Reader 7.0.4
  • Adobe Acrobat Reader 7.0.5
  • Adobe Acrobat Reader 7.0.6
  • Adobe Acrobat Reader 7.0.7
  • Microsoft Internet Explorer 6.0.0
  • Microsoft Internet Explorer 6.0.0 SP1
  • Mozilla Firefox 1.5.0
  • Mozilla Firefox 1.5.0.6
  • Mozilla Firefox 1.5.0.8
  • Mozilla Firefox 1.5.0.9
  • Mozilla Firefox 1.5.0 beta 1
  • Mozilla Firefox 1.5.0 beta 2
  • Mozilla Firefox 1.5.0.1
  • Mozilla Firefox 1.5.0.2
  • Mozilla Firefox 1.5.0.3
  • Mozilla Firefox 1.5.0.4
  • Mozilla Firefox 1.5.0.5
  • Mozilla Firefox 1.5.0.7
  • Mozilla Firefox 2.0
  • Mozilla Firefox 2.0 beta 1
  • Mozilla Firefox 2.0.0.1
  • Mozilla Firefox 2.0 RC2
  • Mozilla Firefox 2.0 RC3
  • Opera Software Opera Web Browser 9.10

Response

Upgrade to the latest version of Adobe Acrobat Reader and ensure that all patches are applied.