Summary
Adobe Reader is installed on this host and is prone to cross-site scripting and denial-of-service vulnerabilities.
Impact
Successful exploitation allows attackers to cause memory corruption, conduct denial-of-service attacks, and execute arbitrary script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Adobe Reader version 9.2, 8.1.7, 7.1.4, 7.0.9 or later. For updates, refer to http://get.adobe.com/reader
Insight
The flaws exist because:
- the browser plug-in does not validate user-supplied input to the hosted PDF file before returning the input to the user.
- of an unspecified error.
Affected
Adobe Reader version 9.x before 9.2, 8.x before 8.1.7, 7.x before 7.1.4, 7.0.8 and earlier on Windows.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
Severity
Classification
CVE: CVE-2007-0045, CVE-2007-0048
CVSS Base Score: 5.0
CVSS Base Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
- Arris DOCSIS Password Disclosure
- Adobe Reader Information Disclosure Vulnerability Jun05 (Windows)
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Mac OS X)
- Apple Safari WebKit Information Disclosure Vulnerability (Windows)