Red Hat Bugzilla – Bug 231055
CVE-2007-1199 acroread arbitrary file:// URL execution
Last modified: 2013-04-02 00:21:22 EDT
Adobe Acrobat Reader suffers from a flaw where a PDF file containing a file://
URL can allow a malicious PDF file to open that URL without user interaction.
In order for this flaw to be exploited, a user will need to have a file
containing the payload at a known location.
Is there a new acroread version that fixes this?
No update yet. This bug is simply a placeholder for us so we can check for the
fix in the future.
Hints on Gentoo's bugzilla indicate that this should have been fixed in 8.1.2:
However, searching for this CVE name on Adobe's web site does not return any results, so if it has been fixed they've not named it or given it a duplicate name (looking at various reports, this may have been assigned CVE-2007-5020 (http://www.adobe.com/support/security/advisories/apsa07-04.html), but hard to verify; I've emailed Adobe asking for further info).
At this point, it's been nearly four years so I suspect that it has been corrected in our currently-shipping acroread packages (9.4.1).
And if this is not corrected, there isn't much we can do about it due to the closed-source nature of acroread. Since there is no proof that this CVE has been addressed, this should probably be closed as CANTFIX, but will wait a bit to see if Adobe responds.
I received notification back from Adobe that "confirmed this issue has been fixed for Adobe Reader for UNIX with Reader 9.4.1 on Ubuntu 9.04 and Open Solaris x86, as well as the 8.x release too". So the latest version from upstream that we ship has the fix, however they didn't pinpoint exactly which version provided the fix.
As a result, I am going to close this as UPSTREAM as we cannot know for certain which version fixed the flaw.