MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2007

MA-112.012007: Adobe Acrobat Reader Client (Plug-in) XSS Vulnerability

Original Issue Date: 12th January 2007

1.0 Description

1.1 Overview

MyCERT has received reports from various reliable sources of a vulnerability in the Web browser plug-in of Adobe Systems' Acrobat Reader. The flaw lets an attacker take the address of any PDF file hosted on a website and build a link to it that carries malicious JavaScript. When a victim clicks the link and the PDF opens in the plug-in, the script is executed in the victim's browser in the security context of the site that hosts the PDF.

For example, an attacker could locate any PDF file on a bank's website and distribute a link to that file with malicious JavaScript attached. The link appears to point to the bank, but the script runs against the bank's users.

Users are advised to treat unknown or unusual links with suspicion, whatever channel they arrive through, such as e-mail or instant messaging.
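The advisory tells users to watch for unusual links but does not say what such a link looks like. The classifier below is an added example written for this page, not MyCERT or Adobe code. It assumes, from the description above, that the attacker's JavaScript travels inside the link to the PDF itself (in its query string or fragment) and that a javascript: URL there is the tell-tale; the exact parameter syntax the plug-in accepts is deliberately not assumed. It also handles percent-encoding and whitespace-in-scheme tricks that a naive substring match would miss. The sample links are constructed and do not come from any real incident.

```python
"""Flag links to PDF files that carry script in their query string or fragment.

Added example for this advisory (not MyCERT or Adobe code). Assumption: the
attacker's JavaScript rides inside the link to the PDF, so a 'javascript:' URL
in the query or fragment of a .pdf link is treated as the indicator.
"""
import re
from urllib.parse import unquote, urlsplit

# Whitespace and control characters that browsers ignore inside a scheme name,
# so "java\tscript:" has to be treated exactly like "javascript:".
_STRIP = re.compile(r"[\s\x00-\x1f]")


def _decode(s: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double encoding cannot hide a payload."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def classify_link(url: str) -> str:
    """Return 'malicious', 'suspicious' or 'benign' for a single URL.

    malicious : link to a .pdf whose query or fragment contains a javascript: URL
    suspicious: link to a .pdf that carries any query or fragment at all
                (a plain PDF download normally needs neither)
    benign    : anything else, including javascript: URLs that do not target a PDF
    """
    parts = urlsplit(url.strip())
    path = _decode(parts.path).lower()
    if not path.endswith(".pdf"):
        return "benign"
    extra = _decode(parts.query) + _decode(parts.fragment)
    if not extra:
        return "benign"
    if "javascript:" in _STRIP.sub("", extra).lower():
        return "malicious"
    return "suspicious"


def scan_links(urls):
    """Classify a batch of links, e.g. those extracted from an e-mail body."""
    return {u: classify_link(u) for u in urls}


# Constructed sample links (hypothetical host, not a real bank).
SAMPLE_LINKS = [
    "https://bank.example/forms/account-terms.pdf",
    "https://bank.example/forms/account-terms.pdf#page=3",
    "https://bank.example/forms/account-terms.pdf#x=javascript:alert(document.cookie)",
    "https://bank.example/forms/account-terms.pdf?q=JAVA%09SCRIPT%3Aalert(1)",
    "https://bank.example/forms/account%2Dterms.PDF?%6Aavascript:alert(1)",
    "https://bank.example/login?next=javascript:alert(1)",
]

if __name__ == "__main__":
    for link, verdict in scan_links(SAMPLE_LINKS).items():
        print(f"{verdict:10s} {link}")
```

The check is scoped to PDF links on purpose: the last sample carries a javascript: URL but does not point at a PDF, so it is outside this vulnerability and is left for other filters. Decoding is bounded to a few rounds so a hostile URL cannot make the scanner loop.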

1.2 Affected Software

The following software is affected:

  • Adobe Acrobat Reader version 7.0.8 and earlier
  • Mozilla Firefox 2.0 and earlier
  • Netscape 7.2 and earlier

1.3 Impact

This vulnerability allows cross-site scripting (XSS) attacks against any website that hosts a PDF file, which may lead to theft of the browser cookies and session information belonging to that site.

2.0 Vulnerability Limitation

Based on tests conducted, whether the vulnerability can be exploited depends on the combination of browser and Adobe Acrobat Reader version in use. For example, on Windows XP SP2 it can be exploited with Firefox 2.0 and Acrobat Reader 7.0.5.

The vulnerability can only be triggered when the browser is configured to open PDF files inline through the Adobe plug-in. If PDF files are downloaded or handed to a stand-alone viewer instead, the JavaScript in the link is not executed.

3.0 Recommendations

3.1 For Windows Users

End users running Windows are advised to upgrade to Adobe Reader 8, the latest version of the software, which Adobe released in December 2006 and which is not affected by this vulnerability.

The upgrade is available at:
http://www.adobe.com/products/acrobat/readstep2.html

3.2 For Unix/Linux Users

End users running Unix/Linux, for whom no upgrade or patch is currently available, may use the following workarounds to mitigate the vulnerability:

3.2.1 Disable opening PDF files in the web browser

To prevent PDF files from opening automatically inside the web browser:

  1. Open Adobe Acrobat Reader
  2. Open the Edit menu
  3. Choose Preferences
  4. In the Internet category, un-check "Display PDF in browser"

3.2.2 Disable JavaScript

For instructions on how to disable JavaScript in the browser, please refer to the US-CERT document Securing Your Web Browser:
http://www.us-cert.gov/reading_room/securing_browser/

4.0 More Information

More information on this vulnerability is available at the following sites:

4.1 Adobe
http://www.adobe.com/support/security/bulletins/apsb07-01.html

4.2 AUSCERT
http://www.auscert.org.au/render.html?it=7155

4.3 US-CERT (Vulnerability Note VU#815960)
http://www.kb.cert.org/vuls/id/815960

4.4 Open Source Vulnerability Database (OSVDB)
http://osvdb.org/displayvuln.php?osvdb_id=31046