Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability

2008.02.11

Credit: cocoruder

Risk: High

Local: Yes

Remote: Yes

CVE: CVE-2008-0667

CWE: CWE-399

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability
by cocoruder(frankruder (at) hotmail (dot) com [email concealed])
http://ruder.cdut.net
Summary:
A design error vulnerability exists in Adobe Reader and Adobe
Acrobat Professional. A remote attacker who successfully exploit this
vulnerability can control the printer without user's permission.
Affected Software Versions:
Adobe Reader 8.1.1 and earlier versions
Adobe Acrobat Professional, 3D and Standard 8.1.1 and earlier versions
Details:
Currently there is no details released because the final patch is
not available, more informations will be updated soon.
Solution:
Adobe has released an advisory for this vulnerability and a patch
for Adobe Reader which are available on:
http://www.adobe.com/support/security/advisories/apsa08-01.html
Fortinet advisory can be found at:
http://www.fortiguardcenter.com
CVE Information:
To be updated
Disclosure Timeline:
2007.11.01 Vendor notified
2007.11.02 Vendor responded
2008.02.07 Initial coordinated disclosure
--EOF--

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.