Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0144

The remote host is missing updates announced in
advisory RHSA-2008:0144.

The Adobe Reader allows users to view and print documents in portable
document format (PDF).

Several flaws were found in the way Adobe Reader processed malformed PDF
files. An attacker could create a malicious PDF file which could execute
arbitrary code if opened by a victim. (CVE-2007-5659, CVE-2007-5663,
CVE-2007-5666, CVE-2008-0726)

A flaw was found in the way the Adobe Reader browser plug-in honored
certain requests. A malicious PDF file could cause the browser to request
an unauthorized URL, allowing for a cross-site request forgery attack.

A flaw was found in Adobe Reader's JavaScript API DOC.print function. A
malicious PDF file could silently trigger non-interactive printing of the
document, causing multiple copies to be printed without the users consent.

Additionally, this update fixes multiple unknown flaws in Adobe Reader.
When the information regarding these flaws is made public by Adobe, it will
be added to this advisory. (CVE-2008-0655)

Note: Adobe have yet to release security fixed versions of Adobe 7. All
users of Adobe Reader are, therefore, advised to install these updated
packages. They contain Adobe Reader version 8.1.2, which is not vulnerable
to these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5659
Cert/CC Advisory: TA08-043A
CERT/CC vulnerability note: VU#666281
Common Vulnerability Exposure (CVE) ID: CVE-2007-5663
CERT/CC vulnerability note: VU#140129
Common Vulnerability Exposure (CVE) ID: CVE-2007-5666
Common Vulnerability Exposure (CVE) ID: CVE-2007-0044
BugTraq ID: 21858
Bugtraq: 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities (Google Search)
SuSE Security Announcement: SUSE-SA:2007:011 (Google Search)
XForce ISS Database: adobe-acrobat-pdf-csrf(31266)
Common Vulnerability Exposure (CVE) ID: CVE-2008-0655
BugTraq ID: 27641
SuSE Security Announcement: SUSE-SA:2008:009 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2008-0667
Bugtraq: 20080208 Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2008-0726
Bugtraq: 20080211 ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability (Google Search)
CopyrightCopyright (c) 2008 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.