ID de Prueba:	1.3.6.1.4.1.25623.1.0.57769
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0017
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0017. The Adobe Acrobat Reader allows users to view and print documents in portable document format (PDF). A cross site scripting flaw was found in the way the Adobe Reader Plugin processes certain malformed URLs. A malicious web page could inject arbitrary javascript into the browser session which could possibly lead to a cross site scripting attack. (CVE-2007-0045) Two arbitrary code execution flaws were found in the way Adobe Reader processes malformed document files. It may be possible to execute arbitrary code on a victim's machine if the victim opens a malicious PDF file. (CVE-2006-5857, CVE-2007-0046) All users of Acrobat Reader are advised to upgrade to these updated packages, which contain Acrobat Reader version 7.0.9 and are not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0017.html http://www.adobe.com/support/security/bulletins/apsb07-01.html http://www.redhat.com/security/updates/classification/#critical Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5857 BugTraq ID: 21981 http://www.securityfocus.com/bid/21981 Bugtraq: 20070110 Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite (Google Search) http://www.securityfocus.com/archive/1/456491/100/0/threaded CERT/CC vulnerability note: VU#698924 http://www.kb.cert.org/vuls/id/698924 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html http://security.gentoo.org/glsa/glsa-200701-16.xml http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt http://osvdb.org/31316 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11698 RedHat Security Advisories: RHSA-2007:0017 https://rhn.redhat.com/errata/RHSA-2007-0017.html http://www.redhat.com/support/errata/RHSA-2007-0021.html http://securitytracker.com/id?1017491 http://secunia.com/advisories/23666 http://secunia.com/advisories/23691 http://secunia.com/advisories/23812 http://secunia.com/advisories/23877 http://secunia.com/advisories/23882 http://secunia.com/advisories/24533 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1 SuSE Security Announcement: SUSE-SA:2007:011 (Google Search) http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html http://www.vupen.com/english/advisories/2007/0115 http://www.vupen.com/english/advisories/2007/0957 Common Vulnerability Exposure (CVE) ID: CVE-2007-0045 BugTraq ID: 21858 http://www.securityfocus.com/bid/21858 Bugtraq: 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/455801/100/0/threaded Bugtraq: 20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous (Google Search) http://www.securityfocus.com/archive/1/455836/100/0/threaded Bugtraq: 20070103 Re: Universal XSS with PDF files: highly dangerous (Google Search) http://www.securityfocus.com/archive/1/455800/100/0/threaded Bugtraq: 20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous (Google Search) http://www.securityfocus.com/archive/1/455831/100/0/threaded Bugtraq: 20070103 Universal XSS with PDF files: highly dangerous (Google Search) http://www.securityfocus.com/archive/1/455790/100/0/threaded Bugtraq: 20070104 Universal PDF XSS After Party (Google Search) http://www.securityfocus.com/archive/1/455906/100/0/threaded Cert/CC Advisory: TA09-286B http://www.us-cert.gov/cas/techalerts/TA09-286B.html CERT/CC vulnerability note: VU#815960 http://www.kb.cert.org/vuls/id/815960 HPdes Security Advisory: HPSBUX02153 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HPdes Security Advisory: SSRT061181 http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf http://www.disenchant.ch/blog/hacking-with-browser-plugins/34 http://www.gnucitizen.org/blog/universal-pdf-xss-after-party http://www.wisec.it/vulns.php?page=9 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693 http://securitytracker.com/id?1017469 http://securitytracker.com/id?1023007 http://secunia.com/advisories/23483 http://secunia.com/advisories/24457 http://secunia.com/advisories/33754 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 http://securityreason.com/securityalert/2090 http://www.vupen.com/english/advisories/2007/0032 http://www.vupen.com/english/advisories/2009/2898 XForce ISS Database: adobe-acrobat-pdf-xss(31271) https://exchange.xforce.ibmcloud.com/vulnerabilities/31271 Common Vulnerability Exposure (CVE) ID: CVE-2007-0046 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9684 XForce ISS Database: adobe-acrobat-msvcrt-code-execution(31272) https://exchange.xforce.ibmcloud.com/vulnerabilities/31272
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.