Test ID:	1.3.6.1.4.1.25623.1.0.57769
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0017
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0017. The Adobe Acrobat Reader allows users to view and print documents in portable document format (PDF). A cross site scripting flaw was found in the way the Adobe Reader Plugin processes certain malformed URLs. A malicious web page could inject arbitrary javascript into the browser session which could possibly lead to a cross site scripting attack. (CVE-2007-0045) Two arbitrary code execution flaws were found in the way Adobe Reader processes malformed document files. It may be possible to execute arbitrary code on a victim's machine if the victim opens a malicious PDF file. (CVE-2006-5857, CVE-2007-0046) All users of Acrobat Reader are advised to upgrade to these updated packages, which contain Acrobat Reader version 7.0.9 and are not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0017.html http://www.adobe.com/support/security/bulletins/apsb07-01.html http://www.redhat.com/security/updates/classification/#critical Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5857 BugTraq ID: 21981 http://www.securityfocus.com/bid/21981 Bugtraq: 20070110 Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite (Google Search) http://www.securityfocus.com/archive/1/456491/100/0/threaded CERT/CC vulnerability note: VU#698924 http://www.kb.cert.org/vuls/id/698924 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html http://security.gentoo.org/glsa/glsa-200701-16.xml http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt http://osvdb.org/31316 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11698 RedHat Security Advisories: RHSA-2007:0017 https://rhn.redhat.com/errata/RHSA-2007-0017.html http://www.redhat.com/support/errata/RHSA-2007-0021.html http://securitytracker.com/id?1017491 http://secunia.com/advisories/23666 http://secunia.com/advisories/23691 http://secunia.com/advisories/23812 http://secunia.com/advisories/23877 http://secunia.com/advisories/23882 http://secunia.com/advisories/24533 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1 SuSE Security Announcement: SUSE-SA:2007:011 (Google Search) http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html http://www.vupen.com/english/advisories/2007/0115 http://www.vupen.com/english/advisories/2007/0957 Common Vulnerability Exposure (CVE) ID: CVE-2007-0045 BugTraq ID: 21858 http://www.securityfocus.com/bid/21858 Bugtraq: 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/455801/100/0/threaded Bugtraq: 20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous (Google Search) http://www.securityfocus.com/archive/1/455836/100/0/threaded Bugtraq: 20070103 Re: Universal XSS with PDF files: highly dangerous (Google Search) http://www.securityfocus.com/archive/1/455800/100/0/threaded Bugtraq: 20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous (Google Search) http://www.securityfocus.com/archive/1/455831/100/0/threaded Bugtraq: 20070103 Universal XSS with PDF files: highly dangerous (Google Search) http://www.securityfocus.com/archive/1/455790/100/0/threaded Bugtraq: 20070104 Universal PDF XSS After Party (Google Search) http://www.securityfocus.com/archive/1/455906/100/0/threaded Cert/CC Advisory: TA09-286B http://www.us-cert.gov/cas/techalerts/TA09-286B.html CERT/CC vulnerability note: VU#815960 http://www.kb.cert.org/vuls/id/815960 HPdes Security Advisory: HPSBUX02153 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HPdes Security Advisory: SSRT061181 http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf http://www.disenchant.ch/blog/hacking-with-browser-plugins/34 http://www.gnucitizen.org/blog/universal-pdf-xss-after-party http://www.wisec.it/vulns.php?page=9 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693 http://securitytracker.com/id?1017469 http://securitytracker.com/id?1023007 http://secunia.com/advisories/23483 http://secunia.com/advisories/24457 http://secunia.com/advisories/33754 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 http://securityreason.com/securityalert/2090 http://www.vupen.com/english/advisories/2007/0032 http://www.vupen.com/english/advisories/2009/2898 XForce ISS Database: adobe-acrobat-pdf-xss(31271) https://exchange.xforce.ibmcloud.com/vulnerabilities/31271 Common Vulnerability Exposure (CVE) ID: CVE-2007-0046 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9684 XForce ISS Database: adobe-acrobat-msvcrt-code-execution(31272) https://exchange.xforce.ibmcloud.com/vulnerabilities/31272
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.