Summary
This host is installed with Adobe Reader and is prone to information disclosure and remote code execution vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct arbitrary code execution and gain knowledge of sensitive information.
Impact Level: System/Application
Solution
Upgrade to Adobe Reader version 7.0 or later. For
updates refer to http://get.adobe.com/reader
Insight
Flaws exist due to,
- A boundary error in 'UnixAppOpenFilePerform' function while opening a document containing a '/Filespec' tag.
- Temporary files being created with permissions based on the user's umask in the '/tmp' folder.
Affected
Adobe Reader version 5.0.9 and 5.0.10 on Linux.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2005-1625, CVE-2005-1841 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat Multiple Vulnerabilities-01 (Nov14)
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
- Apple Safari Multiple Vulnerabilities
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Mac OS X)
- Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)