Vulnerability Note VU#200132

Various UNIX and Linux PDF readers/viewers execute commands embedded within hyperlinks

Original Release date: 18 Jun 2003 | Last revised: 26 Sep 2003

Overview

A vulnerability in various UNIX and Linux PDF viewers/readers may allow remote attackers to execute arbitrary commands on your system.

Description

Adobe Systems Incorporated describes PDF (Portable Document Format) as "a universal file format that preserves the fonts, images, graphics, and layout of any source document, regardless of the application and platform used to create it." A viewer such as Adobe Reader or Xpdf is needed to view a document encoded in PDF. Various PDF viewers are widely deployed on the Internet. Quoting from the Adobe Systems Incorporated web site:

    Governments and enterprises around the world have adopted PDF to streamline document management, increase productivity, and reduce reliance on paper....An open file format specification, PDF is available to anyone who wants to develop tools to create, view, or manipulate PDF documents. Indeed, more than 1,800 vendors offer PDF-based solutions, ensuring that organizations that adopt the PDF standard have a variety of tools to leverage the Portable Document Format and to customize document processes.

When a victim clicks on a hyperlink contained within a malicious PDF file, an attacker may be able to execute arbitrary commands with the privileges of the victim. This is possible because some UNIX and Linux PDF readers/viewers spawn external programs to handle hyperlinks by invoking the shell command interpreter.

Impact

A remote attacker may be able to execute arbitrary commands with the privileges of the victim.

Solution

Apply a patch when available.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Adobe Systems IncorporatedAffected08 May 200318 Jun 2003
ConectivaAffected15 May 200322 Sep 2003
DebianAffected15 May 200319 May 2003
MandrakeSoftAffected15 May 200314 Jul 2003
Red Hat Inc.Affected15 May 200319 Jun 2003
Sun Microsystems Inc.Affected15 May 200317 Jun 2003
XpdfAffected20 May 200317 Jun 2003
Apple Computer Inc.Not Affected-18 Jun 2003
FujitsuNot Affected15 May 200308 Aug 2003
HitachiNot Affected15 May 200318 Jun 2003
Ingrian NetworksNot Affected15 May 200323 May 2003
Microsoft CorporationNot Affected15 May 200319 May 2003
NEC CorporationNot Affected15 May 200316 Jun 2003
Nortel NetworksNot Affected15 May 200314 Jul 2003
Xerox CorporationNot Affected15 May 200314 Jul 2003
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was discovered by Martyn Gilmore. The CERT/CC thanks Martyn, Adobe, and the folks responsible for the Xpdf project.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: CAN-2003-0434
  • Date Public: 13 Jun 2003
  • Date First Published: 18 Jun 2003
  • Date Last Updated: 26 Sep 2003
  • Severity Metric: 37.97
  • Document Revision: 26

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.