Firm admits vulnerability took seven months to fix
Adobe is urging users of its document and graphics server equipment to harden their systems after the discovery of a critical flaw.
Danish vulnerability testing firm Secunia first reported the flaw, which it describes as 'moderately critical', in July 2005 but it has taken until now for Adobe to fix the problem. Adobe has issued an advisory on its website.
The problem is caused when the 'saveContent' and 'saveOptimized' Adobe Document Server commands are used. This may save files anywhere on the system, including those areas with full access privileges.
"This can be exploited by sending a specially crafted Soap request to the web service to write a graphics file containing malicious JavaScript as metadata to e.g. the server's 'All Users' start-up folder," warned Secunia.
"The request can be constructed to save this graphics file with an HTA extension causing the file to be executed the next time any user logs in.
"A request containing 'loadContent' can also be sent to retrieve arbitrary graphics or PDF files from the server, potentially exposing sensitive information."
Adobe recommends adapting local access controls to mitigate against the problem, and officially thanked Secunia for bringing the issue to its attention.
Adobe is urging users of its document and graphics server equipment to harden their systems after the discovery of a critical flaw.
Danish vulnerability testing firm Secunia first reported the flaw, which it describes as 'moderately critical', in July 2005 but it has taken until now for Adobe to fix the problem. Adobe has issued an advisory on its website.
The problem is caused when the 'saveContent' and 'saveOptimized' Adobe Document Server commands are used. This may save files anywhere on the system, including those areas with full access privileges.
"This can be exploited by sending a specially crafted Soap request to the web service to write a graphics file containing malicious JavaScript as metadata to e.g. the server's 'All Users' start-up folder," warned Secunia.
"The request can be constructed to save this graphics file with an HTA extension causing the file to be executed the next time any user logs in.
"A request containing 'loadContent' can also be sent to retrieve arbitrary graphics or PDF files from the server, potentially exposing sensitive information."
Adobe recommends adapting local access controls to mitigate against the problem, and officially thanked Secunia for bringing the issue to its attention.
Share this page
Email this page
Back to Top
Home
Edit Post
0 comments: