
Test ID: 1.3.6.1.4.1.25623.1.0.58043
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2007:011 (acroread)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory SUSE-SA:2007:011.

The Adobe Acrobat Reader has been updated to version 7.0.9.

This update also includes the following security fixes:

CVE-2006-5857: A memory corruption problem in Adobe Acrobat Reader
was fixed that can potentially lead to code execution.

CVE-2007-0044: Universal Cross Site Request Forgery (CSRF) problems
were fixed in the Acrobat Reader plugin which could be
exploited by remote attackers to conduct CSRF attacks
using any site that is providing PDFs.

CVE-2007-0045: Cross site scripting problems in the Acrobat Reader
plugin were fixed, which could be exploited by remote
attackers to conduct XSS attacks against any site that
is providing PDFs.

CVE-2007-0046: A double free problem in the Acrobat Reader plugin was fixed
which could be used by remote attackers to potentially execute
arbitrary code.
Note that all platforms using Adobe Reader currently have
countermeasures against such an attack, so it will just
cause a controlled abort().

CVE-2007-0047 and CVE-2007-0048 affect only Microsoft Windows and
Internet Explorer.

Please note that the Acrobat Reader on SUSE Linux Enterprise Server
9 is affected too, but cannot be updated currently due to GTK+
2.4 requirements. We are trying to find a solution.

Acrobat Reader on SUSE Linux Enterprise Server 8 and SUSE Linux
Desktop 1 is no longer supported and should be deinstalled.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2007:011

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-5857
BugTraq ID: 21981
http://www.securityfocus.com/bid/21981
Bugtraq: 20070110 Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite
http://www.securityfocus.com/archive/1/456491/100/0/threaded
CERT/CC vulnerability note: VU#698924
http://www.kb.cert.org/vuls/id/698924
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt
http://osvdb.org/31316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11698
RedHat Security Advisories: RHSA-2007:0017
https://rhn.redhat.com/errata/RHSA-2007-0017.html
http://www.redhat.com/support/errata/RHSA-2007-0021.html
http://securitytracker.com/id?1017491
http://secunia.com/advisories/23666
http://secunia.com/advisories/23691
http://secunia.com/advisories/23812
http://secunia.com/advisories/23877
http://secunia.com/advisories/23882
http://secunia.com/advisories/24533
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
SuSE Security Announcement: SUSE-SA:2007:011
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://www.vupen.com/english/advisories/2007/0115
http://www.vupen.com/english/advisories/2007/0957
Common Vulnerability Exposure (CVE) ID: CVE-2007-0044
BugTraq ID: 21858
http://www.securityfocus.com/bid/21858
Bugtraq: 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/455801/100/0/threaded
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://www.wisec.it/vulns.php?page=9
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042
http://www.redhat.com/support/errata/RHSA-2008-0144.html
http://securitytracker.com/id?1017469
http://secunia.com/advisories/29065
http://securityreason.com/securityalert/2090
http://www.vupen.com/english/advisories/2007/0032
XForce ISS Database: adobe-acrobat-pdf-csrf(31266)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31266
Common Vulnerability Exposure (CVE) ID: CVE-2007-0045
Bugtraq: 20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
http://www.securityfocus.com/archive/1/455836/100/0/threaded
Bugtraq: 20070103 Re: Universal XSS with PDF files: highly dangerous
http://www.securityfocus.com/archive/1/455800/100/0/threaded
Bugtraq: 20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
http://www.securityfocus.com/archive/1/455831/100/0/threaded
Bugtraq: 20070103 Universal XSS with PDF files: highly dangerous
http://www.securityfocus.com/archive/1/455790/100/0/threaded
Bugtraq: 20070104 Universal PDF XSS After Party
http://www.securityfocus.com/archive/1/455906/100/0/threaded
Cert/CC Advisory: TA09-286B
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
CERT/CC vulnerability note: VU#815960
http://www.kb.cert.org/vuls/id/815960
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
http://securitytracker.com/id?1023007
http://secunia.com/advisories/23483
http://secunia.com/advisories/24457
http://secunia.com/advisories/33754
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://www.vupen.com/english/advisories/2009/2898
XForce ISS Database: adobe-acrobat-pdf-xss(31271)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
Common Vulnerability Exposure (CVE) ID: CVE-2007-0046
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9684
XForce ISS Database: adobe-acrobat-msvcrt-code-execution(31272)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31272
Common Vulnerability Exposure (CVE) ID: CVE-2007-0047
XForce ISS Database: adobe-acrobat-xmlhttp-response-splitting(31291)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31291
Common Vulnerability Exposure (CVE) ID: CVE-2007-0048
http://osvdb.org/31596
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348
XForce ISS Database: adobe-acrobat-character-dos(31273)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31273
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
