CVE-2009-1598

Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf	Exploit Third Party Advisory
http://www.securityfocus.com/archive/1/503183/100/0/threaded	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*

Information

Published : 2009-05-11 08:30

Updated : 2021-11-15 10:38

NVD link : CVE-2009-1598

Mitre link : CVE-2009-1598

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

google

chrome

9.3 /10