Bug 231055 - (CVE-2007-1199) CVE-2007-1199 acroread arbitrary file:// URL execution
CVE-2007-1199 acroread arbitrary file:// URL execution
Status: CLOSED UPSTREAM
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Jonathan Blandford
impact=low,source=cve,public=20070228...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-03-05 15:28 EST by Josh Bressers
Modified: 2013-04-02 00:21 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-01-05 11:26:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2007-03-05 15:28:38 EST
Adobe Acrobat Reader suffers from a flaw where a PDF file containing a file://
URL can allow a malicious PDF file to open that URL without user interaction. 
In order for this flaw to be exploited, a user will need to have a file
containing the payload at a known location.
Comment 3 Kristian Høgsberg 2007-03-05 16:18:48 EST
is there a new acroread version that fixes this?
Comment 4 Josh Bressers 2007-03-05 18:46:05 EST
No update yet.  This bug is simply a placeholder for us so we can check for the
fix in the future.
Comment 6 Vincent Danen 2010-12-22 16:09:31 EST
Hints on Gentoo's bugzilla indicate that this should have been fixed in 8.1.2:

http://www.adobe.com/support/security/advisories/apsa08-01.html

However, searching for this CVE name on Adobe's web site does not return any results, so if it has been fixed they've not named it or given it a duplicate name (looking at various reports, this may have been assigned CVE-2007-5020 (http://www.adobe.com/support/security/advisories/apsa07-04.html), but hard to verify; I've emailed Adobe asking for further info).

At this point, it's been nearly four years so I suspect that it has been corrected in our currently-shipping acroread packages (9.4.1).

And if this is not corrected, there isn't much we can do about it due to the closed-source nature of acroread.  Since there is no proof that this CVE has been addressed, this should probably closed as CANTFIX, but will wait a bit to see if Adobe responds.
Comment 7 Vincent Danen 2011-01-05 11:26:05 EST
I received notification back from Adobe that "confirmed this issue has been fixed for Adobe Reader for UNIX with Reader 9.4.1 on Ubuntu 9.04 and Open Solaris x86, as well as the 8.x release too".  So the latest version from upstream that we ship has the fix, however they didn't pin-point exactly which version provided the fix.

As a result, I am going to close this as UPSTREAM as we cannot know for certain which version fixed the flaw.

Note You need to log in before you can comment on or make changes to this bug.