Forum Thread: Adobe Reader and Acrobat PDF "file://" URL Handling Security Issue

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Adobe Reader and Acrobat PDF "file://" URL Handling Security Issue

Secunia Adobe Reader and Acrobat PDF "file://" URL Handling Security Issue
Secunia Official 30th Mar, 2011 16:04
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
pdp has discovered a security issue in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to disclose sensitive information.

The problem is that it is possible to launch "file://" URLs from within PDF files. This can be exploited to e.g. read arbitrary files on the system and send them to the attacker.

Successful exploitation requires that a user is tricked into locally opening a PDF file.

The security issue is confirmed in Adobe Reader and Adobe Acrobat Professional versions 8.0.0. Other versions may also be affected.

xyzzy

RE: Adobe Reader and Acrobat PDF "file://" URL Handling Security Issue
[+]
This reply has been minimised due to a negative Relevancy Score.

xyzzy

RE: Adobe Reader and Acrobat PDF "file://" URL Handling Security Issue
[+]
This reply has been minimised due to a negative Relevancy Score.

robbie1addison

RE: Adobe Reader and Acrobat PDF "file://" URL Handling Security Issue
[+]
This reply has been deleted