Summary:

A specially crafted PDF document may silently request to be printed with arbitrary frequency, causing a denial of service while wasting resources.

Impact:

Denial of printing service and material waste.

Risk:

• Low

Affected Software:

• Adobe Acrobat Professional 7.0.9
• Adobe Reader 8.1.0

Additional Information:

The vulnerability exists due to a design flaw with the function "DOC.print()" available through Adobe's Javascript API. The flaw allows the interactive level of a print parameter to be set to silent, which will allow non-interactive printing. With this property set, a print dialog box will not be displayed and any amount of copies may be printed without user permission.

Solutions:

• Users should apply the update supplied by Adobe to address this issue

References:

• Adobe Bulletin: APSB08-13
• CVE ID: CVE-2008-0655

Acknowledgment:

• Fortinet Global Security Research Team