{"edition": 1, "title": "Adobe eBook Reader Data Backup Operation Restriction Bypass", "bulletinFamily": "software", "published": "2002-07-19T00:00:00", "lastseen": "2017-04-28T13:20:04", "history": [], "modified": "2002-07-19T00:00:00", "reporter": "Vladimir Katalov(info@elcomsoft.com)", "hash": "c8f21eb38118d4df76b263e7fe8e439b0dcd2442735807672f4bed740c02bc49", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:9296", "description": "## Vulnerability Description\neBook Reader contains a flaw that may allow a malicious user to bypass Digital Rights Management (DRM). DRM control of copying, printing and lending is implemented by storing the information in the file itself, which can be backed up prior to exercising rights, and restored back to its initial state. It is possible that the flaw may allow unlimited access to restricted rights resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\neBook Reader contains a flaw that may allow a malicious user to bypass Digital Rights Management (DRM). DRM control of copying, printing and lending is implemented by storing the information in the file itself, which can be backed up prior to exercising rights, and restored back to its initial state. It is possible that the flaw may allow unlimited access to restricted rights resulting in a loss of integrity.\n## References:\nMail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=102965261426258&w=2\nISS X-Force ID: 9634\n[CVE-2002-1016](https://vulners.com/cve/CVE-2002-1016)\nCERT VU: 438867\nBugtraq ID: 5273\n", "affectedSoftware": [{"name": "eBook Reader", "version": "2.2", "operator": "eq"}], "type": "osvdb", "hashmap": [{"key": "affectedSoftware", "hash": "1de701d4c596dfa56f81ac3021a5bf99"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "c5ee05c316e6169ab5e623aafb2d7dc6"}, {"key": "cvss", "hash": "292f2e293571b0e70e3182b615982dad"}, {"key": "description", "hash": "54b4b22c5847267cafce07e1e8252bf3"}, {"key": "href", "hash": "5e1b1c0bbe806d53eec2a533b00e85aa"}, {"key": "modified", "hash": "03318c28e535ae49c7ab66e1e6a380cf"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "03318c28e535ae49c7ab66e1e6a380cf"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "f36f7bc6f884b33e3ceaf90be2a8f70b"}, {"key": "title", "hash": "7b536109a1f18a3f191265cf777e56e3"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "references": [], "objectVersion": "1.2", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 4.6}, "cvelist": ["CVE-2002-1016"], "id": "OSVDB:9296"}

{"result": {"cve": [{"lastseen": "2016-09-03T03:31:08", "references": ["http://www.kb.cert.org/vuls/id/438867", "http://www.iss.net/security_center/static/9634.php", "http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000177.html", "http://www.securityfocus.com/bid/5273"], "description": "Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files.", "edition": 1, "reporter": "NVD", "published": "2002-10-04T00:00:00", "title": "CVE-2002-1016", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T03:31:08", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2002-1016"], "scanner": [], "cpe": ["cpe:/a:adobe:digital_editions:2.2::win"], "modified": "2008-09-05T16:29:33", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1016", "id": "CVE-2002-1016", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T16:55:26", "osvdbidlist": ["9296"], "references": [], "description": "Adobe eBook Reader 2.2 File Restoration Privilege Escalation Vulnerability. CVE-2002-1016. Local exploit for windows platform", "edition": 1, "reporter": "Vladimir Katalov", "published": "2002-07-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "exploitdb", "title": "Adobe eBook Reader 2.2 - File Restoration Privilege Escalation Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2002-1016"], "modified": "2002-07-19T00:00:00", "id": "EDB-ID:21629", "href": "https://www.exploit-db.com/exploits/21629/", "sourceData": "source: http://www.securityfocus.com/bid/5273/info\r\n\r\nAdobe eBook Reader is a client side application which is able to view Adobe eBooks, available for Microsoft Windows and Macintosh OS 9. eBooks are electronic books which provide some protection for content. Users may be able to view a book, but have limited publisher defined privileges to copy content.\r\n\r\nIt is possible to bypass some quota restrictions. Non-zero quotas on copying and printing content may be bypassed by repeatedly restoring certain files used to maintain state from backups.\r\n\r\nThis vulnerability has been reported in versions of eBook Reader for Microsoft Windows. It may, however, exist on other platforms.\r\n\r\nData\\Vouchers\\*.*\r\nData\\GB.dbd\r\nData\\Category.etb\r\nData\\Library*.etb\r\nData\\Library*.vld", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/21629/"}]}}