JavaScript Privilege Escalation in Adobe Reader
James Loureiro
Published: 17 Jul 2015
CVE-2015-4451
15/05/2015 | Reported to Adobe |
03/07/2015 | Adobe confirms issue has been fixed |
14/07/2015 | Patch released by Adobe |
17/07/2015 | Advisory released |
A vulnerability was discovered in Adobe Reader that allows restrictions in the JavaScript API to be bypassed, so that privileged JavaScript commands can be executed from an unprivileged context.
Adobe Acrobat Reader is the most commonly used PDF viewer available for Windows and Mac.
The Adobe Reader JavaScript API has a privilege system in which a user must give permission before execution of privileged functions can occur.
It was found that the restrictions on the JavaScript API can be bypassed, allowing privileged JavaScript functions to be executed.
A user who opened a PDF in which this vulnerability was used could be made to perform an undesired action automatically, such as connecting to a web site without being notified of this action.
It was possible to change the context of doc.requestPermission within the trusted ANSendApprovalToAuthorEnabled function in order to perform privileged JavaScript functions.
If it is not possible to update to the latest version of Adobe Reader, it is recommended that users disable the use of JavaScript in Adobe Reader. Further details can be found on the Adobe website: JavaScript Controls
It is recommended that users of Adobe Reader update to version 11.0.12.
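A triage sketch for defenders, added here and not part of the original advisory or of any Adobe tooling: it flags PDFs that carry JavaScript and mention the two identifiers named in the advisory. The function names, the marker list and the sample document are constructed for illustration.

```python
import re
import zlib

# Identifiers named in the advisory. Finding them in a PDF's JavaScript is a
# reason to inspect the file, not proof of exploitation.
ADVISORY_NAMES = (b"ANSendApprovalToAuthorEnabled", b"requestPermission")
# Name objects that introduce or auto-trigger JavaScript in a PDF.
JS_NAME_RE = re.compile(rb"/(JavaScript|JS|OpenAction|AA)\b")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_names(data: bytes) -> bytes:
    """Undo #xx name escapes so /J#61vaScript is read as /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Concatenate the contents of every stream that inflates as zlib data."""
    chunks = []
    for match in STREAM_RE.finditer(data):
        try:
            chunks.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            continue  # not Flate-encoded, or another filter is stacked on top
    return b"\n".join(chunks)


def triage_pdf(data: bytes) -> dict:
    """Report JavaScript markers and advisory identifiers present in a PDF."""
    haystack = decode_names(data + b"\n" + inflate_streams(data))
    js_names = sorted({m.group(1).decode() for m in JS_NAME_RE.finditer(haystack)})
    hits = sorted(n.decode() for n in ADVISORY_NAMES if n in haystack)
    return {"js_names": js_names, "advisory_names": hits,
            "review": bool(js_names and hits)}


def constructed_sample() -> bytes:
    """Constructed test input: inert script text that only mentions the names."""
    script = zlib.compress(b"// mentions ANSendApprovalToAuthorEnabled and requestPermission")
    return (b"%PDF-1.7\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + script +
            b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage_pdf(constructed_sample()))
```

Encrypted documents, filters other than FlateDecode, and hex- or UTF-16-encoded strings are not decoded, so an empty result does not clear a file.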