posted on Friday, October 15, 2004 9:46 AM by demiliani

Acrobat Reader flaw...

I was missing this alert but I think it must be taken into consideration, especially for the target: the latest releases of Adobe Acrobat and Acrobat Reader (I think every one of us has Acrobat Reader installed on our PC) have a serious flaw regarding the management of embedded Flash (SWF) files.

The problem is that embedded Macromedia Flash files are executed in a local context. This can be exploited to read local files by embedding a specially crafted Flash file in a PDF file located on a malicious web site. The vulnerability has been confirmed on Adobe Reader 6.01 and 6.02 for Windows. You can read the details on the Secunia website and also see a demonstration HERE.

Solutions to this? At the moment, not much: the only option is to disable JavaScript in Adobe Acrobat and Adobe Reader. A patch is required soon.
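A triage check a defender could run over PDFs collected from a mail gateway or proxy cache, as an added example that is not from the original post, Adobe or Secunia: it flags JavaScript name tokens and any stream whose data begins with an SWF signature. The function names are hypothetical, the sample input is constructed, and treating embedded Flash as a stream that starts with `FWS`/`CWS` is an assumption, since the post does not describe how the file is embedded.

```python
import re
import zlib

SWF_MAGIC = (b"FWS", b"CWS")  # SWF signature: uncompressed / zlib-compressed
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.DOTALL)
NAME_RE = re.compile(rb"/([^\s/<>\[\]()%{}]+)")
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so that J#61vaScript is read as JavaScript."""
    return HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage_pdf(data: bytes) -> dict:
    """Flag JavaScript name tokens and streams that start with an SWF header."""
    # Look for names outside stream bodies, where binary data gives false hits.
    outside = STREAM_RE.sub(b"", data)
    names = {decode_name(n) for n in NAME_RE.findall(outside)}
    swf_streams = 0
    for body in STREAM_RE.findall(data):
        try:
            # Assume FlateDecode; cap the output, only the header is needed.
            head = zlib.decompressobj().decompress(body, 64)
        except zlib.error:
            head = body  # not Flate data: inspect the raw bytes
        if head[:3] in SWF_MAGIC:
            swf_streams += 1
    return {"javascript": bool(names & {b"JS", b"JavaScript"}),
            "swf_streams": swf_streams}


def build_sample() -> bytes:
    """Constructed test input: a JavaScript action and an SWF header only."""
    comp = zlib.compress(b"FWS\x06" + b"\x00" * 16)
    return (b"%PDF-1.5\n1 0 obj\n<< /S /J#61vaScript /JS (x) >>\nendobj\n"
            b"2 0 obj\n<< /Filter /FlateDecode /Length "
            + str(len(comp)).encode() + b" >>\nstream\n" + comp
            + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage_pdf(build_sample()))
```

This is a heuristic: streams using other filters or nested inside object streams are not decoded, so a clean result does not prove a file is safe.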
