VID | 22401 |
Severity | 40 |
Port | 8019 |
Protocol | TCP |
Class | WWW |
Detailed Description |
The Adobe Document/Graphics Server contains a resource access vulnerability through File URIs. Adobe Graphics Server versions 2.0 and 2.1 and Adobe Document Server versions 5.0 and 6.0 are affected by a flaw that may allow remote attackers to:
- access arbitrary graphics or PDF files
- place arbitrary graphics or PDF files on a server
- gain unauthorized access to a computer
- potentially execute arbitrary code
The vulnerability is caused by the "loadContent", "saveContent", and "saveOptimized" ADS (Adobe Document Server) commands, which allow graphics or PDF files to be retrieved from or saved to arbitrary locations on the server using File URIs via the AlterCast web service running on port 8019. Files can be saved with arbitrary extensions. This can be exploited by sending a specially crafted SOAP request to write a graphics file (with an HTA extension) containing malicious JavaScript as metadata to, for example, the server's "All Users" startup folder. This file will be executed the next time any user logs in. Successful exploitation requires that the service is configured to run with SYSTEM privileges (the default) or with the privileges of a normal user that has been granted interactive logon rights.
* References:
  - http://www.adobe.com/support/techdocs/332989.html
  - http://secunia.com/secunia_research/2005-28/advisory/
  - http://secunia.com/advisories/19229/
* Platforms Affected:
  - Adobe Document Server 5.0, 6.0
  - Adobe Graphics Server 2.0, 2.1
  - Microsoft Windows Any version |
Recommendation |
Follow the vendor advisory, as described in Adobe Support Knowledgebase Document 332989 at http://www.adobe.com/support/techdocs/332989.html |
Related URL | CVE-2006-1182 (CVE) |
Related URL | 17113 (SecurityFocus) |
Related URL | 25247 (ISS) |