Summary
This host has Adobe Reader installed and is prone to cross-site scripting and denial-of-service vulnerabilities.
Impact
Successful exploitation will allow attackers to cause memory corruption, conduct denial-of-service attacks, and execute arbitrary script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Adobe Reader version 9.2 or 8.1.7 or 7.1.4 or 7.0.9 or later. For updates refer to http://get.adobe.com/reader
Insight
The flaws exist because:
- the browser plug-in does not validate user-supplied input to the hosted PDF file before returning the input to the user.
- of an unspecified error.
Affected
Adobe Reader version 9.x before 9.2, 8.x before 8.1.7, 7.x before 7.1.4, 7.0.8 and earlier on Mac OS X.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
Severity
Classification
- CVE: CVE-2007-0045, CVE-2007-0048
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Related Vulnerabilities
- Adobe Reader Plugin Signature Bypass Vulnerability (Mac OS X)
- Apple Safari Multiple Vulnerabilities
- Adobe Reader Privilege Escalation Vulnerability - Jul07 (Mac OS X)
- Adobe Reader Plugin Signature Bypass Vulnerability (Linux)
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)