Adobe eBook Reader Data Backup Operation Restriction Bypass
2002-07-19T00:00:00
ID OSVDB:9296 Type osvdb Reporter Vladimir Katalov(info@elcomsoft.com) Modified 2002-07-19T00:00:00
Description
Vulnerability Description
eBook Reader contains a flaw that may allow a malicious user to bypass Digital Rights Management (DRM). DRM control of copying, printing and lending is implemented by storing the information in the file itself, which can be backed up prior to exercising rights, and restored back to its initial state. It is possible that the flaw may allow unlimited access to restricted rights resulting in a loss of integrity.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
eBook Reader contains a flaw that may allow a malicious user to bypass Digital Rights Management (DRM). DRM control of copying, printing and lending is implemented by storing the information in the file itself, which can be backed up prior to exercising rights, and restored back to its initial state. It is possible that the flaw may allow unlimited access to restricted rights resulting in a loss of integrity.
References:
Mail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=102965261426258&w=2
ISS X-Force ID: 9634
CVE-2002-1016
CERT VU: 438867
Bugtraq ID: 5273
{"id": "OSVDB:9296", "bulletinFamily": "software", "title": "Adobe eBook Reader Data Backup Operation Restriction Bypass", "description": "## Vulnerability Description\neBook Reader contains a flaw that may allow a malicious user to bypass Digital Rights Management (DRM). DRM control of copying, printing and lending is implemented by storing the information in the file itself, which can be backed up prior to exercising rights, and restored back to its initial state. It is possible that the flaw may allow unlimited access to restricted rights resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\neBook Reader contains a flaw that may allow a malicious user to bypass Digital Rights Management (DRM). DRM control of copying, printing and lending is implemented by storing the information in the file itself, which can be backed up prior to exercising rights, and restored back to its initial state. It is possible that the flaw may allow unlimited access to restricted rights resulting in a loss of integrity.\n## References:\nMail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=102965261426258&w=2\nISS X-Force ID: 9634\n[CVE-2002-1016](https://vulners.com/cve/CVE-2002-1016)\nCERT VU: 438867\nBugtraq ID: 5273\n", "published": "2002-07-19T00:00:00", "modified": "2002-07-19T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:9296", "reporter": "Vladimir Katalov(info@elcomsoft.com)", "references": [], "cvelist": ["CVE-2002-1016"], "type": "osvdb", "lastseen": "2017-04-28T13:20:04", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "1de701d4c596dfa56f81ac3021a5bf99"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "c5ee05c316e6169ab5e623aafb2d7dc6"}, {"key": "cvss", "hash": "292f2e293571b0e70e3182b615982dad"}, {"key": "description", "hash": "54b4b22c5847267cafce07e1e8252bf3"}, {"key": "href", "hash": "5e1b1c0bbe806d53eec2a533b00e85aa"}, {"key": "modified", "hash": "03318c28e535ae49c7ab66e1e6a380cf"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "03318c28e535ae49c7ab66e1e6a380cf"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "f36f7bc6f884b33e3ceaf90be2a8f70b"}, {"key": "title", "hash": "7b536109a1f18a3f191265cf777e56e3"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "hash": "c8f21eb38118d4df76b263e7fe8e439b0dcd2442735807672f4bed740c02bc49", "viewCount": 0, "objectVersion": "1.2", "affectedSoftware": [{"name": "eBook Reader", "operator": "eq", "version": "2.2"}], "enchantments": {"vulnersScore": 2.8}}
{"result": {"cve": [{"id": "CVE-2002-1016", "type": "cve", "title": "CVE-2002-1016", "description": "Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files.", "published": "2002-10-04T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1016", "cvelist": ["CVE-2002-1016"], "lastseen": "2016-09-03T03:31:08"}], "exploitdb": [{"id": "EDB-ID:21629", "type": "exploitdb", "title": "Adobe eBook Reader 2.2 - File Restoration Privilege Escalation Vulnerability", "description": "Adobe eBook Reader 2.2 File Restoration Privilege Escalation Vulnerability. CVE-2002-1016. Local exploit for windows platform", "published": "2002-07-19T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/21629/", "cvelist": ["CVE-2002-1016"], "lastseen": "2016-02-02T16:55:26"}]}}