The Most Feature-Rich PDF Reader Affected with a Critical RCE Vulnerability


A critical remote code execution (RCE) vulnerability has been discovered in the most popular and most feature-rich PDF reader, Adobe Acrobat Reader DC.

The vulnerability is a stack-based buffer overflow that can lead to arbitrary code execution when a user opens a malicious document. It affects Adobe Acrobat Reader DC 2018.009.20044 and below.

The reason Adobe was targeted is simple to fathom: it has a major user base, is the most prevalent and most feature-rich PDF reader, is usually the default PDF reader on systems, and integrates into web browsers as a plugin for rendering PDFs.

This most likely makes it substantially easier for an attacker to deliver a specially crafted malicious document by email, or by tricking a user into visiting a malicious web page, and to get the user to open the document and trigger this vulnerability.

As for the remote code execution flow, the application supports JavaScript embedded within the document, which is what enables it to work as a PDF form.

An attacker exploiting the vulnerability can readily abuse this feature as additional attack surface.

According to Aleksandar Nikolic of Cisco Talos, when a PDF file with an overly large Document ID field specified in the trailer is parsed, the field is initially parsed correctly, but when it is referenced in JavaScript, a stack-based buffer overflow can occur when encoding the bytes to a hex string.
Here is a sample document ID:


In this case, Cisco provides a simple JavaScript snippet that triggers this critical remote code execution vulnerability.
                             


“the specified part of document ID field is hex-decoded into a sequence of bytes. When a this.docID is dereferenced in JavaScript, this byte sequence is encoded back into an ascii hex string again function at EScript+0x9e7c0”

The vulnerability has been reported to Adobe, and a patch was released in an update on 2018-02-13. It is tracked as CVE-2018-4901.
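
A triage check for the condition described above, as an added example that is not from the original post or from Cisco Talos: it scans raw PDF bytes for trailer /ID arrays and reports hex-string elements whose decoded length exceeds a threshold. The 64-byte threshold, the function names and the sample trailers are assumptions constructed for illustration.

```python
import re

# Assumed triage threshold (not from the advisory): document IDs are
# commonly 16-byte hash values, so anything far larger deserves a look.
MAX_ID_BYTES = 64

# Matches the /ID array of a trailer dictionary: /ID [ <hex> <hex> ]
# Cross-reference stream dictionaries carry /ID in the same form.
# Limitation: IDs written as literal strings "(...)" are not covered.
ID_ARRAY = re.compile(rb"/ID\s*\[\s*<([^>]*)>\s*(?:<([^>]*)>\s*)?\]")


def hex_string_len(raw: bytes) -> int:
    """Decoded byte length of a PDF hex string body. Whitespace is
    ignored and an odd trailing digit counts as a full byte."""
    digits = re.sub(rb"\s+", b"", raw)
    return (len(digits) + 1) // 2


def oversized_ids(pdf: bytes, limit: int = MAX_ID_BYTES):
    """Return (offset, decoded_length) for every /ID element over limit."""
    findings = []
    for m in ID_ARRAY.finditer(pdf):
        for group in (1, 2):
            body = m.group(group)
            if body is not None and hex_string_len(body) > limit:
                findings.append((m.start(group), hex_string_len(body)))
    return findings


# Constructed sample trailers (not taken from the Talos report).
BENIGN = (b"trailer\n<< /Size 4 /Root 1 0 R /ID [<" + b"a1" * 16
          + b"> <" + b"b2" * 16 + b">] >>\n")
SUSPECT = (b"trailer\n<< /Size 4 /Root 1 0 R /ID [<" + b"41" * 2000
           + b"> <00>] >>\n")

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, oversized_ids(doc))
```

A hit only means the file warrants closer inspection; confirming that a reader is patched is still the actual fix.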

Reflected XSS Vulnerability in Adobe website

A security researcher, Ankit Bharathan (aka lonely-hacker), has discovered a non-persistent cross-site scripting vulnerability in the Adobe website.

The vulnerability resides in one of the Adobe subdomains, "dbln-speedtest.adobe.com".

The POC for the vulnerability:
http://dbln-speedtest.adobe.com/index.php?lang="><SCRIPT>alert("E Hacking News")</SCRIPT>
The researcher claims to have also discovered a path disclosure vulnerability in the same link, and 90+ open directories at Adobe.

Ankit notified Adobe about the vulnerability, but they failed to respond to his mail.

Vulnerabilities in Adobe



Cross site scripting Vulnerability in Adobe website


A researcher has discovered a reflected cross-site scripting (XSS) vulnerability in the official website of Adobe Systems Incorporated and submitted the vulnerability to Secureless.

According to the researcher, the vulnerability was reported a few months ago, but there has been no response from Adobe.

The 'adobe.com/events/main.jsp?month=' page was found to be vulnerable to a reflected (non-persistent) XSS flaw. The researcher managed to execute JavaScript by injecting a script into the month parameter.


The PoC and exploit details have been archived here:
http://secureless.org/vulnerability/2440/
The vulnerability allows a cyber criminal to launch phishing attacks, hijack sessions, redirect users to malicious sites and more. At the time of writing, the vulnerability is still there.

*Update 1* Today, we got a response from the Adobe Security Team saying that they are researching the bug and will fix it soon.

*Update 2* (12 Dec) The vulnerability has been fixed.

Adobe Groups Profile Hacked using XSS (Cross Site Scripting) ~ Unfixed

Adobe still has not fixed the XSS vulnerability in Adobe Groups profiles. One more Adobe Groups profile has been created with an XSS injection by the hacker Sony.

Check this:
http://bikaner.groups.adobe.com/index.cfm?event=post.display&postid=38442

One more Link:
http://bikaner.groups.adobe.com/index.cfm?event=post.display&postid=38443


Adobe Groups Profile Hacked using XSS (Cross Site Scripting) by Sony

A hacker known as Sony hacked an Adobe Groups profile using an XSS (cross-site scripting) vulnerability. The XSS is of the persistent type, which means "if you insert files, it will be there permanently. It will be shown to all users". So hackers are able to steal cookies using it.

Vulnerability Information:
  • Vulnerability Type: XSS.
  • Persistent: Yes.
  • Status: Unfixed.
  • Hacked By: Hacker named "Sony".
  • Defacement: Defaced the profile page, not the main page.
Proof of Vulnerability: