Test ID: 1.3.6.1.4.1.25623.1.0.58043
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2007:011 (acroread)
Summary: SuSE Security Advisory SUSE-SA:2007:011 (acroread)
Description:
The remote host is missing updates announced in
advisory SUSE-SA:2007:011.

The Adobe Acrobat Reader has been updated to version 7.0.9.

This update also includes the following security fixes:

CVE-2006-5857: A memory corruption problem was fixed in Adobe Acrobat
Reader that can potentially lead to code execution.

CVE-2007-0044: Universal Cross Site Request Forgery (CSRF) problems
were fixed in the Acrobat Reader plugin which could be
exploited by remote attackers to conduct CSRF attacks
using any site that is providing PDFs.

CVE-2007-0045: Cross site scripting problems in the Acrobat Reader
plugin were fixed, which could be exploited by remote
attackers to conduct XSS attacks against any site that
is providing PDFs.

CVE-2007-0046: A double free problem in the Acrobat Reader plugin was fixed
which could be used by remote attackers to potentially execute
arbitrary code.
Note that all platforms using Adobe Reader currently have
countermeasures against such an attack, where it will just
cause a controlled abort().

CVE-2007-0047 and CVE-2007-0048 affect only Microsoft Windows and
Internet Explorer.

Please note that the Acrobat Reader on SUSE Linux Enterprise Server
9 is affected too, but cannot be updated currently due to GTK+
2.4 requirements. We are trying to find a solution.

Acrobat Reader on SUSE Linux Enterprise Server 8 and SUSE Linux
Desktop 1 is no longer supported and should be deinstalled.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2007:011

Risk factor : Critical
Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-5857
Bugtraq: 20070110 Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite
http://www.securityfocus.com/archive/1/archive/1/456491/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html
http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt
http://security.gentoo.org/glsa/glsa-200701-16.xml
RedHat Security Advisories: RHSA-2007:0017
https://rhn.redhat.com/errata/RHSA-2007-0017.html
http://www.redhat.com/support/errata/RHSA-2007-0021.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
SuSE Security Announcement: SUSE-SA:2007:011
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
CERT/CC vulnerability note: VU#698924
http://www.kb.cert.org/vuls/id/698924
BugTraq ID: 21981
http://www.securityfocus.com/bid/21981
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11698
http://www.vupen.com/english/advisories/2007/0115
http://www.vupen.com/english/advisories/2007/0957
http://osvdb.org/31316
http://securitytracker.com/id?1017491
http://secunia.com/advisories/23666
http://secunia.com/advisories/23691
http://secunia.com/advisories/23812
http://secunia.com/advisories/23877
http://secunia.com/advisories/23882
http://secunia.com/advisories/24533
Common Vulnerability Exposure (CVE) ID: CVE-2007-0044
Bugtraq: 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://www.wisec.it/vulns.php?page=9
http://www.redhat.com/support/errata/RHSA-2008-0144.html
BugTraq ID: 21858
http://www.securityfocus.com/bid/21858
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10042
http://www.vupen.com/english/advisories/2007/0032
http://securitytracker.com/id?1017469
http://secunia.com/advisories/29065
http://securityreason.com/securityalert/2090
XForce ISS Database: adobe-acrobat-pdf-csrf(31266)
http://xforce.iss.net/xforce/xfdb/31266
Common Vulnerability Exposure (CVE) ID: CVE-2007-0045
Bugtraq: 20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
http://www.securityfocus.com/archive/1/455836/100/0/threaded
Bugtraq: 20070103 Re: Universal XSS with PDF files: highly dangerous
http://www.securityfocus.com/archive/1/455800/100/0/threaded
Bugtraq: 20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
http://www.securityfocus.com/archive/1/455831/100/0/threaded
Bugtraq: 20070103 Universal XSS with PDF files: highly dangerous
http://www.securityfocus.com/archive/1/455790/100/0/threaded
Bugtraq: 20070104 Universal PDF XSS After Party
http://www.securityfocus.com/archive/1/archive/1/455906/100/0/threaded
http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Cert/CC Advisory: TA09-286B
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
CERT/CC vulnerability note: VU#815960
http://www.kb.cert.org/vuls/id/815960
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6487
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9693
http://securitytracker.com/id?1023007
http://secunia.com/advisories/23483
http://secunia.com/advisories/24457
http://secunia.com/advisories/33754
http://www.vupen.com/english/advisories/2009/2898
XForce ISS Database: adobe-acrobat-pdf-xss(31271)
http://xforce.iss.net/xforce/xfdb/31271
Common Vulnerability Exposure (CVE) ID: CVE-2007-0046
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9684
XForce ISS Database: adobe-acrobat-msvcrt-code-execution(31272)
http://xforce.iss.net/xforce/xfdb/31272
Common Vulnerability Exposure (CVE) ID: CVE-2007-0047
XForce ISS Database: adobe-acrobat-xmlhttp-response-splitting(31291)
http://xforce.iss.net/xforce/xfdb/31291
Common Vulnerability Exposure (CVE) ID: CVE-2007-0048
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6348
http://osvdb.org/31596
XForce ISS Database: adobe-acrobat-character-dos(31273)
http://xforce.iss.net/xforce/xfdb/31273
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com


© 1998-2014 E-Soft Inc. All rights reserved.