Executive Summary
Summary | |
---|---|
Title | Adobe Acrobat Reader security update |
Informations | |||
---|---|---|---|
Name | RHSA-2007:0017 | First vendor Publication | 2007-01-11 |
Vendor | RedHat | Last vendor Modification | 2007-01-11 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated acroread packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 3. Problem description: The Adobe Acrobat Reader allows users to view and print documents in portable document format (PDF). A cross site scripting flaw was found in the way the Adobe Reader Plugin processes certain malformed URLs. A malicious web page could inject arbitrary javascript into the browser session which could possibly lead to a cross site scripting attack. (CVE-2007-0045) Two arbitrary code execution flaws were found in the way Adobe Reader processes malformed document files. It may be possible to execute arbitrary code on a victim's machine if the victim opens a malicious PDF file. (CVE-2006-5857, CVE-2007-0046) All users of Acrobat Reader are advised to upgrade to these updated packages, which contain Acrobat Reader version 7.0.9 and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 221594 - CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0017.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11698 | |||
Oval ID: | oval:org.mitre.oval:def:11698 | ||
Title: | Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. | ||
Description: | Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-5857 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29480 | |||
Oval ID: | oval:org.mitre.oval:def:29480 | ||
Title: | Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code (CVE-2006-5857) | ||
Description: | Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-5857 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Acrobat Adobe Reader |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6487 | |||
Oval ID: | oval:org.mitre.oval:def:6487 | ||
Title: | Adobe Reader and Acrobat Multiple Vulnerabilities | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-0045 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9684 | |||
Oval ID: | oval:org.mitre.oval:def:9684 | ||
Title: | Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | ||
Description: | Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-0046 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9693 | |||
Oval ID: | oval:org.mitre.oval:def:9693 | ||
Title: | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-0045 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-27 | Name : Gentoo Security Advisory GLSA 200910-03 (acroread) File : nvt/glsa_200910_03.nasl |
2009-10-27 | Name : SuSE Security Advisory SUSE-SA:2009:049 (acroread, acroread_ja) File : nvt/suse_sa_2009_049.nasl |
2009-10-10 | Name : SLES9: Security update for acroread File : nvt/sles9p5018489.nasl |
2009-01-28 | Name : SuSE Update for acroread SUSE-SA:2007:011 File : nvt/gb_suse_2007_011.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-16 (acroread) File : nvt/glsa_200701_16.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1336-1 (mozilla-firefox) File : nvt/deb_1336_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
31316 | Adobe Reader Rendering Subroutine Memory Corruption Arbitrary Code Execution |
31048 | Adobe Acrobat Reader Browser Plug-in PDF Handling Memory Corruption |
31046 | Adobe Acrobat Reader Browser Plug-in PDF XSS Acrobat Reader contains a flaw that allows a remote cross site scripting attack. This flaw exists because the browser plug-in does not validate user supplied input to the hosted PDF file before returning the input to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's Acrobat Reader browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Adobe Acrobat Plugin JavaScript parameter double free attempt RuleID : 9843 - Revision : 17 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Plugin Universal cross-site scripting attempt RuleID : 9842 - Revision : 11 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader PDF subroutine pointer attempt RuleID : 21765 - Revision : 7 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0017.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0021.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6585.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6584.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6583.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6582.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_acroread-6588.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200910-03.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-091022.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread-091022.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-091022.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-091022.nasl - Type : ACT_GATHER_INFO |
2009-10-14 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb09-15.nasl - Type : ACT_GATHER_INFO |
2009-10-14 | Name : The PDF file viewer on the remote Windows host is affected by a memory corrup... File : adobe_reader_apsb09-15.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11433.nasl - Type : ACT_GATHER_INFO |
2009-08-28 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_709.nasl - Type : ACT_GATHER_INFO |
2009-01-31 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_1_0_154_46.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-2508.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-2545.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_acroread-2506.nasl - Type : ACT_GATHER_INFO |
2007-07-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1336.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-066-05.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2007_011.nasl - Type : ACT_GATHER_INFO |
2007-01-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-16.nasl - Type : ACT_GATHER_INFO |
2007-01-10 | Name : The PDF file viewer on the remote Windows host is affected by several vulnera... File : adobe_reader_709.nasl - Type : ACT_GATHER_INFO |
2007-01-05 | Name : The browser plugin on the remote Windows host is affected by multiple issues. File : adobe_pdf_plugin_80.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 121104-11 File : solaris10_121104.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:50:22 |
|