Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability
From: cocoruder <cocoruder@xxxxxxxxx>
Date: Fri, 8 Feb 2008 10:04:47 +0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=C5rxVaAPXOT33sFZ9SIYmTlVuEciFFR3Dw9zJC/Fhks=; b=TPNs7hT0v7KiFkvFL7MGpPEZorkHnk5OoQUwsxamX3Kl2UnrNSwtGTW4GyhZpO4F0jV6cPkLSab5//rpO5sVOsiT3fe6nHyvPOptO2XfHVhGgB87saBo1s4x87kUdaggkcfSD00t7/nnx+bzsGQAj7ORuyELru16RDGuL8lEilg=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=ecLrgZTzmvdD0tU1J6EWDvI+uKRYvoxSY2f5cMs2TjKSkwWENqDzwCTGpPtpF7BvqxNtoBX2cg7IpNuX+PvI+nQ1awHa9TOC+UwJSpOJeSs9ceVavE0+pGAjmq57j4uLxOoejg9J9IX1QtwyfmUQs0XaeaxTX8xDvITkSMlBtO4=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: frankruder@xxxxxxxxxxx

Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability

by cocoruder(frankruder@xxxxxxxxxxx)
http://ruder.cdut.net


Summary:

    A design error vulnerability exists in Adobe Reader and Adobe
Acrobat Professional. A remote attacker who successfully exploit this
vulnerability can control the printer without user's permission.



Affected Software Versions:

    Adobe Reader 8.1.1 and earlier versions
    Adobe Acrobat Professional, 3D and Standard 8.1.1 and earlier versions



Details:

    Currently there is no details released because the final patch is
not available, more informations will be updated soon.



Solution:

    Adobe has released an advisory for this vulnerability and a patch
for Adobe Reader which are available on:

    http://www.adobe.com/support/security/advisories/apsa08-01.html

    Fortinet advisory can be found at:

    http://www.fortiguardcenter.com



CVE Information:

    To be updated



Disclosure Timeline:

    2007.11.01        Vendor notified
    2007.11.02        Vendor responded
    2008.02.07        Initial coordinated disclosure



--EOF--

Prev by Date: [ MDVSA-2008:042 ] - Updated Qt4 packages fix vulnerability in QSslSocket
Next by Date: [DSECRG-08-014] Multiple LFI in PowerNews (Newsscript) 2.5.6
Previous by thread: [ MDVSA-2008:042 ] - Updated Qt4 packages fix vulnerability in QSslSocket
Next by thread: [DSECRG-08-014] Multiple LFI in PowerNews (Newsscript) 2.5.6
Index(es):
- Date
- Thread