Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57812
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0021
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0021.

The Adobe Reader allows users to view and print documents in portable
document format (PDF).

A cross site scripting flaw was found in the way the Adobe Reader Plugin
processes certain malformed URLs. A malicious web page could inject
arbitrary javascript into the browser session which could possibly lead to
a cross site scripting attack. (CVE-2007-0045)

Two arbitrary code execution flaws were found in the way Adobe Reader
processes malformed document files. It may be possible to execute arbitrary
code on a victim's machine if the victim opens a malicious PDF file.
(CVE-2006-5857, CVE-2007-0046)

Please note that Adobe Reader 7.0.9 requires versions of several system
libraries that were not shipped with Red Hat Enterprise Linux 3. This
update contains additional packages that provide the required system
library versions for Adobe Reader. These additional packages are only
required by Adobe Reader and do not replace or affect any other aspects of
a Red Hat Enterprise Linux 3 system.

All users of Adobe Reader are advised to upgrade to these updated packages,
which contain Adobe Reader version 7.0.9 and additional libraries to
correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0021.html
http://www.adobe.com/support/security/bulletins/apsb07-01.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-5857
BugTraq ID: 21981
http://www.securityfocus.com/bid/21981
Bugtraq: 20070110 Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite (Google Search)
http://www.securityfocus.com/archive/1/456491/100/0/threaded
CERT/CC vulnerability note: VU#698924
http://www.kb.cert.org/vuls/id/698924
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt
http://osvdb.org/31316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11698
RedHat Security Advisories: RHSA-2007:0017
https://rhn.redhat.com/errata/RHSA-2007-0017.html
http://www.redhat.com/support/errata/RHSA-2007-0021.html
http://securitytracker.com/id?1017491
http://secunia.com/advisories/23666
http://secunia.com/advisories/23691
http://secunia.com/advisories/23812
http://secunia.com/advisories/23877
http://secunia.com/advisories/23882
http://secunia.com/advisories/24533
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
SuSE Security Announcement: SUSE-SA:2007:011 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://www.vupen.com/english/advisories/2007/0115
http://www.vupen.com/english/advisories/2007/0957
Common Vulnerability Exposure (CVE) ID: CVE-2007-0045
BugTraq ID: 21858
http://www.securityfocus.com/bid/21858
Bugtraq: 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/455801/100/0/threaded
Bugtraq: 20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous (Google Search)
http://www.securityfocus.com/archive/1/455836/100/0/threaded
Bugtraq: 20070103 Re: Universal XSS with PDF files: highly dangerous (Google Search)
http://www.securityfocus.com/archive/1/455800/100/0/threaded
Bugtraq: 20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous (Google Search)
http://www.securityfocus.com/archive/1/455831/100/0/threaded
Bugtraq: 20070103 Universal XSS with PDF files: highly dangerous (Google Search)
http://www.securityfocus.com/archive/1/455790/100/0/threaded
Bugtraq: 20070104 Universal PDF XSS After Party (Google Search)
http://www.securityfocus.com/archive/1/455906/100/0/threaded
Cert/CC Advisory: TA09-286B
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
CERT/CC vulnerability note: VU#815960
http://www.kb.cert.org/vuls/id/815960
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
http://www.wisec.it/vulns.php?page=9
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
http://securitytracker.com/id?1017469
http://securitytracker.com/id?1023007
http://secunia.com/advisories/23483
http://secunia.com/advisories/24457
http://secunia.com/advisories/33754
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://securityreason.com/securityalert/2090
http://www.vupen.com/english/advisories/2007/0032
http://www.vupen.com/english/advisories/2009/2898
XForce ISS Database: adobe-acrobat-pdf-xss(31271)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
Common Vulnerability Exposure (CVE) ID: CVE-2007-0046
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9684
XForce ISS Database: adobe-acrobat-msvcrt-code-execution(31272)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31272
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.