Adobe Acrobat and Reader mailto: PDF code execution

adobe-unspecified-pdf-code-execution (36722)

High Risk

Description:

Adobe Acrobat and Adobe Reader, when installed on Windows XP systems running Internet Explorer 7 could allow a remote attacker to execute arbitrary code on the system, caused by an unspecified vulnerability related to the mailto: option. By persuading a victim to open a specially-crafted PDF document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the victim's privileges.

Platforms Affected:

• Adobe, Acrobat 7.0
• Adobe, Acrobat 7.0.1
• Adobe, Acrobat 7.0.2
• Adobe, Acrobat 7.0.3
• Adobe, Acrobat 7.0.4
• Adobe, Acrobat 7.0.5
• Adobe, Acrobat 7.0.6
• Adobe, Acrobat 7.0.7
• Adobe, Acrobat 7.0.8
• Adobe, Acrobat 7.0.9
• Adobe, Acrobat 8.0
• Adobe, Acrobat 8.0.0
• Adobe, Acrobat 8.1
• Adobe, Acrobat 8.1.1
• Adobe, Acrobat Reader 7.0
• Adobe, Acrobat Reader 7.0.1
• Adobe, Acrobat Reader 7.0.2
• Adobe, Acrobat Reader 7.0.3
• Adobe, Acrobat Reader 7.0.4
• Adobe, Acrobat Reader 7.0.5
• Adobe, Acrobat Reader 7.0.6
• Adobe, Acrobat Reader 7.0.7
• Adobe, Acrobat Reader 7.0.8
• Adobe, Acrobat Reader 7.0.8.0
• Adobe, Acrobat Reader 7.0.9
• Adobe, Acrobat Reader 8.0
• Adobe, Acrobat Reader 8.1
• Adobe, Acrobat Reader 8.1.1
• Adobe, Acrobat Reader 8.1.2

Remedy:

Refer to APSB07-18 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Access

References:

• Adobe Reader Web site, Adobe - Reader Download at http://www.adobe.com/products/acrobat/readstep2.html.
• APSA07-04, Workaround available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat at http://www.adobe.com/support/security/advisories/apsa07-04.html.
• APSB07-18, Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat at http://www.adobe.com/support/security/bulletins/apsb07-18.html.
• Full-Disclosure Mailing List, Tue Oct 16 2007 - 07:00:14 CDT, 0-day PDF exploit at http://archives.neohapsis.com/archives/fulldisclosure/2007-10/0431.html.
• Gnucitizen Blog, September 20th, 2007, 0day: PDF pwns Windows at http://www.gnucitizen.org/blog/0day-pdf-pwns-windows.
• BID-25748: Adobe Acrobat Mailto PDF File Command Execution Vulnerability
• CVE-2007-5020: Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.
• FrSIRT/ADV-2007-3392: Adobe Acrobat and Reader URI Handlers Code Execution Vulnerability
• SECTRACK ID: 1018723: Adobe Reader Unspecified Bug Lets Remote Users Execute Arbitrary Code

Reported:

Sep 20, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page