Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apple Safari Adobe Acrobat JavaScript Access Control Bypass Vulnerability
Vulnerability Description
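Safari is the web browser bundled by Apple Computer. Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass the intended Adobe Acrobat JavaScript restrictions on accessing the document object, for example on a web site that permits PDF uploads by untrusted users and therefore has a shared document.domain between the web site and this javascript: URI. Note: the researcher reports that Adobe's position is "a PDF file is active content."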
CVSS Information
N/A
Vulnerability Type
N/A