Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Vulnerability found: Adobe Acrobat eBook Reader and Content Server
From: full-disclosure () lists netsys com (full-disclosure () lists netsys com)
Date: Fri, 19 Jul 2002 15:29:50 +0400

Hash: MD5

                Product Vulnerability Reporting Form


 Name                   : Vladimir Katalov
 E-mail                 : info () elcomsoft com
 Phone / fax            : +7 095 216-7937
                          +1 866 448-2703 (fax; US, toll-free)
 Affiliation and address: 2-171 generala Antonova st.
                          Moscow 117279

Have you reported this to the vendor?

  Yes (the vendor has not replied).


Details on the vulnerability
- ----------------------------

  An eBook (electronic book) is simply a file that contains text and images
  - as in usual (printed) book, but with additional features such as
  hyperlinks (cross-references), searching capabilities and sometimes
  sounds/music. To read an eBook, you should have a PC with an appropriate
  software, or a special hardware device.

  Adobe Content Server (http://www.adobe.com/products/contentserver/) makes it
  easy for you to sell electronic books (eBooks) securely online. Adobe Content
  Server packages and protects eBooks and distributes them in PDF format
  directly from any Web site. Anyone with the free Adobe Acrobat eBook Reader
  (http://www.adobe.com/products/ebookreader/) can purchase your content with
  ease. That technology allows to enable or disable the following consumer
  permissions: copy text to clipboard, print all or a defined number of pages,
  lending, expiration, and text to speech. When the file is encrypted, special
  master voucher for its distribution is being created. The master voucher is
  a separate, XML-based file that contains an encrypted key to the eBook and
  the set of privileges that accompany it. When a customer purchases an Adobe
  PDF eBook directly from an e-commerce site, it's automatically downloaded
  into the customer's personal Acrobat eBook Reader library for immediate
  viewing. Acrobat eBook Reader unlocks the encrypted key that came with the
  eBook and its master voucher. Now the eBook is tied to the customer's Acrobat
  eBook Reader and can't be transmitted elsewhere unless lending or gifting
  permission has been enabled.

  The voucher also contains permissions (given by the publisher) for all the
  books: whether or not you can print and copy portions of a book; the publisher
  may allow you to print only a limited number of pages or to copy a limited
  number of selections in a given time period. The Acrobat eBook Reader keeps
  track of your printing and copying. When you print or copy, a dialog box tells
  you how much printing or copying you have done and asks whether you want to
  proceed. In addition, if the publisher allows, you can give or lend the book to
  someone else.

  1. Copy/print: if printing and/or copying is allowed, but limited (the typical
     limitation is: you can print 10 pages in 10 days, or copy 10 portions of
     the text to the Clipboard in 10 days), these limitations can be defeated.
     Just create backup copies of the following files from Adobe Acrobat eBook
     Reader folder:


     After copying or printing in Adobe Acrobat eBook Reader, just restore these
     files from backup, and copy/print limitations will be back to the status as
     if you have not copied or printed anything at all.

  2. Lend/give: if these operations are allowed by the publisher, you can
     backup the above mentioned files, perform Lend/Give, and restore the
     files. The book(s) will remain in your lirbary, while the recipient
     (you gave the book to) will also have a copy.

The impact of this vulnerability
- --------------------------------

  With [1], the owner of the book can copy/print unlimited number of portions
  of the book, ignoring the limitations set by the publisher.

  With [2], it is possible to create multiple copies (as many as you want) of
  any book (the 'Give' function is enabled for): make the backup; give it to
  someone else through network or IR port; restore from backup; give to the
  next recipient etc.

Systems and/or configurations that are vulnerable
- -------------------------------------------------

  All versions of Adobe Content Server, and at least Windows version of
  Adobe Acrobat eBook Reader.

Workarounds and/or fixes for this vulnerability
- -----------------------------------------------

  Not available. Though it is not very hard to implement a workaround by
  keeping and validating the checksum or digital singnature of the whole
  vouchers file (not only individual vouchers). For that, however,
  both Adobe Acrobat eBook Reader and Adobe Content Server should
  be seriously upated.

Version: 2.6


  By Date           By Thread  

Current thread:
  • Vulnerability found: Adobe Acrobat eBook Reader and Content Server full-disclosure () lists netsys com (Jul 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]