Google Chrome PDF Javascript Security Bypass Vulnerability Network Vulnerability

Summary

The host is installed with Google Chrome and is prone to PDF Javascript Security Bypass Vulnerability.

Impact

Successful exploitation will let attacker to execute arbitrary code result in spoof URLs, bypass the security restriction, XSS, Memory corruption, phishing attacks and steal generic information from website. Impact level: Application/Network

Solution

Upgrade to Google Chrome version 4.1.249.1064 or later. For updates refer to http://www.google.com/chrome

Insight

An error in Adobe Acrobat JavaScript protocol handler in the context of browser when a PDF file is opened in it via execute DOM calls in response to a javascript: URI.

Affected

Google Chrome versions 1.0.154.65 and prior and 2.0.180.0 and prior.

References

http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf
http://www.securityfocus.com/archive/1/archive/1/503183/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1598
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
Adobe ColdFusion Authentication Bypass Vulnerability
Apache Archiva Multiple Remote Command Execution Vulnerabilities
AdPeeps 'index.php' Multiple Vulnerabilities.

Take action and discover your vulnerabilities