This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:STC:ADOBE:ACROBAT-URL-DF
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Adobe Acrobat Reader Plugin URL Double Free
|
Release Date |
2007/01/08
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Adobe Acrobat Reader Plugin URL Double Free
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader Plugin. The vulnerability is caused due to a memory corruption that happens inside the Plugin for multiple browsers upon processing a URL for a PDF file. A remote unauthenticated attacker can leverage the vulnerability to achieve cross-site scripting attacks.
Extended Description
Adobe Reader Plugin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the visited site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects Adobe Reader versions 6 and 7 for Mozilla Firefox, Opera, and Microsoft Internet Explorer. Other versions for other browsers may also be affected.
Affected Products
- Adobe acrobat_3d
- Adobe acrobat_elements 7.0.8
- Adobe acrobat_professional 7.0.0
- Adobe acrobat_professional 7.0.1
- Adobe acrobat_professional 7.0.2
- Adobe acrobat_professional 7.0.3
- Adobe acrobat_professional 7.0.4
- Adobe acrobat_professional 7.0.5
- Adobe acrobat_professional 7.0.6
- Adobe acrobat_professional 7.0.7
- Adobe acrobat_professional 7.0.8
- Adobe acrobat_professional 7.0.9
- Adobe acrobat_professional 7.1
- Adobe acrobat_professional 7.1.1
- Adobe acrobat_professional 7.1.3
- Adobe acrobat_professional 8.0
- Adobe acrobat_professional 8.1
- Adobe acrobat_professional 8.1.1
- Adobe acrobat_professional 8.1.2
- Adobe acrobat_professional 8.1.2 Security Update 1
- Adobe acrobat_professional 8.1.3
- Adobe acrobat_professional 8.1.4
- Adobe acrobat_professional 8.1.6
- Adobe acrobat_professional 9
- Adobe acrobat_professional 9.1
- Adobe acrobat_professional 9.1.2
- Adobe acrobat_professional 9.1.3
- Adobe acrobat_standard 7.0.0
- Adobe acrobat_standard 7.0.1
- Adobe acrobat_standard 7.0.2
- Adobe acrobat_standard 7.0.3
- Adobe acrobat_standard 7.0.4
- Adobe acrobat_standard 7.0.5
- Adobe acrobat_standard 7.0.6
- Adobe acrobat_standard 7.0.7
- Adobe acrobat_standard 7.0.8
- Adobe acrobat_standard 7.1
- Adobe acrobat_standard 7.1.1
- Adobe acrobat_standard 7.1.3
- Adobe acrobat_standard 8.0
- Adobe acrobat_standard 8.1
- Adobe acrobat_standard 8.1.1
- Adobe acrobat_standard 8.1.2
- Adobe acrobat_standard 8.1.3
- Adobe acrobat_standard 8.1.4
- Adobe acrobat_standard 8.1.6
- Adobe acrobat_standard 9
- Adobe acrobat_standard 9.1
- Adobe acrobat_standard 9.1.2
- Adobe acrobat_standard 9.1.3
- Adobe reader 6.0.0
- Adobe reader 6.0.1
- Adobe reader 6.0.2
- Adobe reader 6.0.3
- Adobe reader 6.0.4
- Adobe reader 7.0.0
- Adobe reader 7.0.1
- Adobe reader 7.0.2
- Adobe reader 7.0.3
- Adobe reader 7.0.4
- Adobe reader 7.0.5
- Adobe reader 7.0.6
- Adobe reader 7.0.7
- Adobe reader 7.0.8
- Adobe reader 7.1
- Adobe reader 7.1.1
- Adobe reader 7.1.2
- Adobe reader 8.1
- Adobe reader 8.1.1
- Adobe reader 8.1.2
- Adobe reader 8.1.2 Security Update 1
- Adobe reader 8.1.3
- Adobe reader 8.1.4
- Adobe reader 8.1.5
- Adobe reader 8.1.6
- Adobe reader 9
- Adobe reader 9.1
- Adobe reader 9.1.1
- Adobe reader 9.1.2
- Adobe reader 9.1.3
- Avaya interactive_response 2.0
- Debian linux 3.1.0
- Debian linux 3.1.0 Alpha
- Debian linux 3.1.0 Amd64
- Debian linux 3.1.0 Arm
- Debian linux 3.1.0 Hppa
- Debian linux 3.1.0 Ia-32
- Debian linux 3.1.0 Ia-64
- Debian linux 3.1.0 M68k
- Debian linux 3.1.0 Mips
- Debian linux 3.1.0 Mipsel
- Debian linux 3.1.0 Ppc
- Debian linux 3.1.0 S/390
- Debian linux 3.1.0 Sparc
- Gentoo app-text/acroread 7.0.8
- Gentoo linux
- Microsoft internet_explorer 6.0
- Microsoft internet_explorer 6.0 SP1
- Mozilla firefox 1.0.4
- Mozilla firefox 1.5.0
- Mozilla firefox 1.5.0.1
- Mozilla firefox 1.5.0.2
- Mozilla firefox 1.5.0.3
- Mozilla firefox 1.5.0.4
- Mozilla firefox 1.5.0.5
- Mozilla firefox 1.5.0.6
- Mozilla firefox 1.5.0.7
- Mozilla firefox 1.5.0.8
- Mozilla firefox 1.5.0.9
- Mozilla firefox 1.5.0 Beta 1
- Mozilla firefox 1.5.0 Beta 2
- Mozilla firefox 2.0
- Mozilla firefox 2.0.0.1
- Mozilla firefox 2.0 Beta 1
- Mozilla firefox 2.0 RC2
- Mozilla firefox 2.0 RC3
- Opera_software opera_web_browser 9
- Opera_software opera_web_browser 9.10
- Red_hat enterprise_linux_desktop_supplementary 5 Client
- Red_hat enterprise_linux_extras 3
- Red_hat enterprise_linux_extras 4
- Red_hat enterprise_linux_supplementary 5 Server
- Sun solaris 10 Sparc
- Suse linux 10.0 X86
- Suse linux 10.1 X86
- Suse linux 9.3 X86
- Suse novell_linux_desktop 9.0.0
- Suse opensuse 10.2
- Suse opensuse 10.3
- Suse opensuse 11.0
- Suse opensuse 11.1
- Suse suse_linux_enterprise_desktop 10
- Suse suse_linux_enterprise_desktop 10 SP2
- Suse suse_linux_enterprise_desktop 10 SP3
- Suse suse_linux_enterprise_desktop 11
- Turbolinux turbolinux FUJI
References