Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux) Network Vulnerability

Summary

This host is installed with Adobe Reader and is prone to information disclosure and remote code execution vulnerabilities.

Impact

Successful exploitation will allow attackers to conduct arbitrary code execution and gain knowledge of sensitive information. Impact Level: System/Application

Solution

Upgrade to Adobe Reader version 7.0 or later. For updates refer to http://get.adobe.com/reader

Insight

Flaws exist due to, - A boundary error in 'UnixAppOpenFilePerform' function while opening a document containing a '/Filespec' tag. - Temporary files being created with permissions based on the user's umask in the '/tmp' folder.

Affected

Adobe Reader version 5.0.9 and 5.0.10 on Linux.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/14457
http://secunia.com/advisories/15934
http://www.osvdb.com/17615
http://www.osvdb.com/17740

Updated on 2017-03-28

Severity

Classification

CVE CVE-2005-1625, CVE-2005-1841

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
Apple Safari Webkit Multiple Vulnerabilities - March 2011
APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
Apple Safari WebKit Information Disclosure Vulnerability (Windows)

Take action and discover your vulnerabilities