[TechAssist] Vulnerability in Adobe Acrobat/Adobe Reader, Disclosure of Sensitive Information
- From: Doug Keller <dek@xxxxxxxxxxxxxx>
- To: "techassist@xxxxxxxxxxxxx" <techassist@xxxxxxxxxxxxx>
- Date: Wed, 13 Oct 2004 11:42:25 -0400
**Information purposes only - DO NOT REPLY!!
Subject: [SA12809] Adobe Acrobat / Adobe Reader Disclosure of Sensitive
Information
TITLE:
Adobe Acrobat / Adobe Reader Disclosure of Sensitive Information
SECUNIA ADVISORY ID:
SA12809
VERIFY ADVISORY:
http://secunia.com/advisories/12809/
CRITICAL:
Moderately critical
IMPACT:
Exposure of sensitive information
WHERE:
>From remote
SOFTWARE:
Adobe Reader 6.x
http://secunia.com/product/1810/
Adobe Acrobat 6.x
http://secunia.com/product/1809/
DESCRIPTION:
A vulnerability in Adobe Acrobat and Adobe Reader, which
can be exploited by malicious people to disclose
sensitive information.
The problem is that embedded Macromedia flash files are executed in a
local context. This can be exploited to read local files by embedding
a specially crafted flash file in a PDF file located on e.g. a
malicious web site.
The vulnerability has been confirmed on Adobe Reader 6.01 and 6.02
for Windows.
SOLUTION:
Disable Javascript in Adobe Acrobat and Adobe Reader.
--
Doug Keller
Wis-Kel Electronics
101 Freeland Ave.
Terra Alta, WV
USA 26764
dek@xxxxxxxxxxxxxx
dek@xxxxxxxxxxxxxxx
http://www.tech-assist.org
"Learn from the mistakes of others, because you
won't live long enough to make them all yourself"
-----------------------------------------------------------------------------
Lost Password:
http://www.tech-assist.org and select "Login Problems?".
Email Archives:
//www.freelists.org/archives/techassist/
Other related posts:
