7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
71.1%
Adobe Acrobat contains a vulnerability in its JavaScript parsing engine that could allow an attacker to place arbitrary files on the local file system.
Different versions of Adobe Acrobat software can create, modify, and read Portable Document Format (PDF) files. Acrobat JavaScript implements PDF-specific objects, methods, and properties and provides functionality similar to that of HTML client JavaScript. More information about Acrobat JavaScript is available from Acrobat 5 JavaScript Training site and in the Acrobat JavaScript Object Specification.
A vulnerability in the way Acrobat 5 validates JavaScript in PDF files could allow arbitrary files to be written to any location on the local file system that is writeable by the user running Acrobat. From the Adobe Acrobat 5.0.5 Security, Accessibility, and Forms patch:
Due to a vulnerability in the JavaScript parsing engine, a malicious PDF document can instruct Acrobat to write code into the user’s Plug-ins folder. Any file in the user’s Plug-ins folder that is developed to the Acrobat plug-in specification will automatically install and run when a user launches Acrobat.
According to Adobe, the full version of Acrobat 5 and Acrobat Approval 5 for the Windows platform are vulnerable. Acrobat 6 and all versions of Acrobat Reader are not vulnerable. Acrobat and Acrobat Approval for Macintosh and Acrobat for UNIX are not vulnerable.
An attacker could cause arbitrary files to be written to the local file system within the scope of the users’ permissions.
A virus (W32.Yourde) that exploits this vulnerability has been discovered. This virus does not destroy data. More detailed information is available in write-ups from Symantec and McAfee.
Apply Patch or Upgrade
Install the Adobe Acrobat 5.0.5 Security, Accessibility, and Forms patch or upgrade to Acrobat 6 or later.
Disable JavaScript
Acrobat JavaScript can be disabled in the General preferences dialog (Edit > Preferences > General > JavaScript).
Restrict Access to Plug-ins Directory
Use NTFS file permissions to prevent users from writing to the Plug-ins directory (typically C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Plug_ins). This will protect against the W32.Yourde virus, but it will not prevent malicious JavaScript from writing to other locations.
Remove JavaScript Plug-in
Remove the JavaScript plug-in (EScript.api) from the Plug-ins directory. This will effectively disable Acrobat JavaScript and may cause other unexpected results.
Maintain Anti-Virus Software
As a general best practice, maintain updated anti-virus software. Links to anti-virus vendors and other information are available on the Computer Virus Resources page.
184820
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: May 13, 2003
Affected
Please see the Adobe Acrobat 5.0.5 Security, Accessibility, and Forms patch.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23184820 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by John Landwehr of Adobe Systems Inc.
This document was written by Art Manion.
CVE IDs: | CVE-2003-0284 |
---|---|
Severity Metric: | 4.65 Date Public: |
partners.adobe.com/asn/acrobat/docs.jsp
partners.adobe.com/asn/developer/pdfs/tn/5186AcroJS.pdf
partners.adobe.com/asn/developer/training/acrobat/javascript/main.html
securityresponse.symantec.com/avcenter/venc/data/w32.yourde.html
vil.nai.com/vil/content/v_100269.htm
www.adobe.com/support/downloads/detail.jsp?ftpID=2121