|
Adobe Document/Graphics Server File URI Resource Access
|
|
Secunia Advisory:
|
SA19229
|
|
|
Release Date:
|
2006-03-15
|
|
Popularity:
|
6,004 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Manipulation of data
Exposure of sensitive information
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Workaround
|
|
| Software: | Adobe Document Server 5.x
Adobe Document Server 6.x
Adobe Graphics Server 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2006-1182
|
|
Description:
Secunia Research has discovered a vulnerability in Adobe Document Server and Adobe Graphics Server, which can be exploited by malicious people to gain knowledge of potentially sensitive information, overwrite arbitrary files, or compromise a vulnerable system.
The vulnerability is caused due to the "loadContent", "saveContent", and "saveOptimized" ADS (Adobe Document Server) commands allowing graphics or PDF files to be retrieved from or saved to arbitrary locations on the server using File URIs via the AlterCast web service running on port 8019. Files can be saved with arbitrary extensions. This can be exploited by sending a specially-crafted SOAP request to write a graphics file (with HTA extension) containing malicious JavaScript as metadata to e.g. the server's "All Users" startup folder. This file will be executed the next time any user logs in.
Successful exploitation requires that the service is configured to run with SYSTEM privileges (default) or with privileges of a normal user that has been granted interactive logon rights.
The vulnerability has been confirmed in Document Server 6.0 (p026) and Graphics Server 2.1 (d013). Other versions may also be affected.
Solution:
The vendor has published additional hardening steps to prevent exploitation of the vulnerability (see vendor advisory for details).
Provided and/or discovered by:
Tan Chew Keong, Secunia Research.
Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2005-28/
Adobe:
http://www.adobe.com/support/techdocs/332989.html
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
