Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60709
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0144
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0144.

The Adobe Reader allows users to view and print documents in portable
document format (PDF).

Several flaws were found in the way Adobe Reader processed malformed PDF
files. An attacker could create a malicious PDF file which could execute
arbitrary code if opened by a victim. (CVE-2007-5659, CVE-2007-5663,
CVE-2007-5666, CVE-2008-0726)

A flaw was found in the way the Adobe Reader browser plug-in honored
certain requests. A malicious PDF file could cause the browser to request
an unauthorized URL, allowing for a cross-site request forgery attack.
(CVE-2007-0044)

A flaw was found in Adobe Reader's JavaScript API DOC.print function. A
malicious PDF file could silently trigger non-interactive printing of the
document, causing multiple copies to be printed without the users consent.
(CVE-2008-0667)

Additionally, this update fixes multiple unknown flaws in Adobe Reader.
When the information regarding these flaws is made public by Adobe, it will
be added to this advisory. (CVE-2008-0655)

Note: Adobe have yet to release security fixed versions of Adobe 7. All
users of Adobe Reader are, therefore, advised to install these updated
packages. They contain Adobe Reader version 8.1.2, which is not vulnerable
to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0144.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5659
Cert/CC Advisory: TA08-043A
http://www.us-cert.gov/cas/techalerts/TA08-043A.html
CERT/CC vulnerability note: VU#666281
http://www.kb.cert.org/vuls/id/666281
http://security.gentoo.org/glsa/glsa-200803-01.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9813
http://www.redhat.com/support/errata/RHSA-2008-0144.html
http://secunia.com/advisories/29065
http://secunia.com/advisories/29205
http://secunia.com/advisories/30840
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1
http://www.vupen.com/english/advisories/2008/1966/references
Common Vulnerability Exposure (CVE) ID: CVE-2007-5663
CERT/CC vulnerability note: VU#140129
http://www.kb.cert.org/vuls/id/140129
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9928
Common Vulnerability Exposure (CVE) ID: CVE-2007-5666
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11161
Common Vulnerability Exposure (CVE) ID: CVE-2007-0044
BugTraq ID: 21858
http://www.securityfocus.com/bid/21858
Bugtraq: 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/455801/100/0/threaded
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://www.wisec.it/vulns.php?page=9
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042
http://securitytracker.com/id?1017469
http://secunia.com/advisories/23812
http://secunia.com/advisories/23882
http://securityreason.com/securityalert/2090
SuSE Security Announcement: SUSE-SA:2007:011 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://www.vupen.com/english/advisories/2007/0032
XForce ISS Database: adobe-acrobat-pdf-csrf(31266)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31266
Common Vulnerability Exposure (CVE) ID: CVE-2008-0655
BugTraq ID: 27641
http://www.securityfocus.com/bid/27641
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10299
http://securitytracker.com/id?1019346
http://secunia.com/advisories/28802
http://secunia.com/advisories/28851
http://secunia.com/advisories/28983
SuSE Security Announcement: SUSE-SA:2008:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html
http://www.vupen.com/english/advisories/2008/0425
Common Vulnerability Exposure (CVE) ID: CVE-2008-0667
Bugtraq: 20080208 Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/487760/100/0/threaded
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1
http://www.fortiguardcenter.com/advisory/FGA-2008-04.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9731
http://securityreason.com/securityalert/3625
http://www.vupen.com/english/advisories/2008/0425/references
Common Vulnerability Exposure (CVE) ID: CVE-2008-0726
Bugtraq: 20080211 ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/488000/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-004.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10957
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.