Signature Detail
Short Name |
HTTP:STC:ADOBE:PDF-XML-XSS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe Reader/Acrobat XML Cross-Site Scripting |
Release Date |
2011/02/15 |
Update Number |
1866 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Adobe Reader/Acrobat XML Cross-Site Scripting
This signature detects attempts to exploit a known vulnerability in Adobe Reader and Adobe Acrobat. A cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary Web script or HTML through unspecified vectors. A successful attack can result in remote code execution.
Extended Description
Adobe Acrobat and Reader are prone to an unspecified cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Adobe Reader and Acrobat versions prior to 9.4.2 and 10.0.1 are affected.
Affected Products
- Adobe Acrobat 10.0
- Adobe Acrobat 8.1.5
- Adobe Acrobat 8.2.2
- Adobe Acrobat 8.2.3
- Adobe Acrobat 8.2.4
- Adobe Acrobat 9.1.1
- Adobe Acrobat 9.2
- Adobe Acrobat 9.3
- Adobe Acrobat 9.3.1
- Adobe Acrobat 9.3.2
- Adobe Acrobat 9.3.3
- Adobe Acrobat 9.3.3
- Adobe Acrobat 9.3.4
- Adobe Acrobat 9.3.4
- Adobe Acrobat 9.4
- Adobe Acrobat 9.4.1
- Adobe Acrobat Professional 10.0
- Adobe Acrobat Professional 6.0
- Adobe Acrobat Professional 7.0.0
- Adobe Acrobat Professional 7.0.1
- Adobe Acrobat Professional 7.0.2
- Adobe Acrobat Professional 7.0.3
- Adobe Acrobat Professional 7.0.4
- Adobe Acrobat Professional 7.0.5
- Adobe Acrobat Professional 7.0.6
- Adobe Acrobat Professional 7.0.7
- Adobe Acrobat Professional 7.0.8
- Adobe Acrobat Professional 7.0.9
- Adobe Acrobat Professional 7.1
- Adobe Acrobat Professional 7.1.1
- Adobe Acrobat Professional 7.1.3
- Adobe Acrobat Professional 7.1.4
- Adobe Acrobat Professional 8.0
- Adobe Acrobat Professional 8.1
- Adobe Acrobat Professional 8.1.1
- Adobe Acrobat Professional 8.1.2
- Adobe Acrobat Professional 8.1.3
- Adobe Acrobat Professional 8.1.4
- Adobe Acrobat Professional 8.1.6
- Adobe Acrobat Professional 8.1.7
- Adobe Acrobat Professional 8.2
- Adobe Acrobat Professional 8.2.1
- Adobe Acrobat Professional 8.2.2
- Adobe Acrobat Professional 8.2.4
- Adobe Acrobat Professional 8.2.5
- Adobe Acrobat Professional 9
- Adobe Acrobat Professional 9.1
- Adobe Acrobat Professional 9.1.2
- Adobe Acrobat Professional 9.1.3
- Adobe Acrobat Professional 9.2
- Adobe Acrobat Professional 9.3
- Adobe Acrobat Professional 9.3.1
- Adobe Acrobat Professional 9.3.2
- Adobe Acrobat Professional 9.3.3
- Adobe Acrobat Professional 9.3.4
- Adobe Acrobat Professional 9.4
- Adobe Acrobat Professional 9.4.1
- Adobe Acrobat Professional 9 Extended
- Adobe Acrobat Reader (for Linux) 8.2.4
- Adobe Acrobat Reader (for Linux) 9.3.3
- Adobe Acrobat Standard 10.0
- Adobe Acrobat Standard 7.0.0
- Adobe Acrobat Standard 7.0.1
- Adobe Acrobat Standard 7.0.2
- Adobe Acrobat Standard 7.0.3
- Adobe Acrobat Standard 7.0.4
- Adobe Acrobat Standard 7.0.5
- Adobe Acrobat Standard 7.0.6
- Adobe Acrobat Standard 7.0.7
- Adobe Acrobat Standard 7.0.8
- Adobe Acrobat Standard 7.1
- Adobe Acrobat Standard 7.1.1
- Adobe Acrobat Standard 7.1.3
- Adobe Acrobat Standard 7.1.4
- Adobe Acrobat Standard 8.0
- Adobe Acrobat Standard 8.1
- Adobe Acrobat Standard 8.1.1
- Adobe Acrobat Standard 8.1.2
- Adobe Acrobat Standard 8.1.3
- Adobe Acrobat Standard 8.1.4
- Adobe Acrobat Standard 8.1.6
- Adobe Acrobat Standard 8.1.7
- Adobe Acrobat Standard 8.2
- Adobe Acrobat Standard 8.2.1
- Adobe Acrobat Standard 8.2.2
- Adobe Acrobat Standard 8.2.4
- Adobe Acrobat Standard 8.2.5
- Adobe Acrobat Standard 9
- Adobe Acrobat Standard 9.1
- Adobe Acrobat Standard 9.1.2
- Adobe Acrobat Standard 9.1.3
- Adobe Acrobat Standard 9.2
- Adobe Acrobat Standard 9.3
- Adobe Acrobat Standard 9.3.1
- Adobe Acrobat Standard 9.3.2
- Adobe Acrobat Standard 9.3.3
- Adobe Acrobat Standard 9.3.4
- Adobe Acrobat Standard 9.3.4
- Adobe Acrobat Standard 9.4
- Adobe Acrobat Standard 9.4.1
- Adobe Reader 10.0
- Adobe Reader 8.0
- Adobe Reader 8.1
- Adobe Reader 8.1.1
- Adobe Reader 8.1.2
- Adobe Reader 8.1.4
- Adobe Reader 8.1.5
- Adobe Reader 8.1.6
- Adobe Reader 8.1.7
- Adobe Reader 8.2
- Adobe Reader 8.2.1
- Adobe Reader 8.2.2
- Adobe Reader 8.2.3
- Adobe Reader 9
- Adobe Reader 9.1
- Adobe Reader 9.1.1
- Adobe Reader 9.1.2
- Adobe Reader 9.1.3
- Adobe Reader 9.2
- Adobe Reader 9.3
- Adobe Reader 9.3.1
- Adobe Reader 9.3.2
- Adobe Reader 9.3.3
- Adobe Reader 9.3.4
- Adobe Reader 9.3.4
- Adobe Reader 9.4
- Adobe Reader 9.4.1
- Gentoo Linux
- Red Hat Desktop Extras 4
- Red Hat Enterprise Linux AS Extras 4
- Red Hat Enterprise Linux Desktop Supplementary 5 Client
- Red Hat Enterprise Linux Desktop Supplementary 6
- Red Hat Enterprise Linux ES Extras 4
- Red Hat Enterprise Linux Extras 4
- Red Hat Enterprise Linux Server Supplementary 6
- Red Hat Enterprise Linux Supplementary 5 Server
- Red Hat Enterprise Linux Workstation Supplementary 6
- Red Hat Enterprise Linux WS Extras 4
- SuSE openSUSE 11.2
- SuSE openSUSE 11.3
- SuSE SUSE Linux Enterprise Desktop 10 SP3
- SuSE SUSE Linux Enterprise Desktop 11 SP1
References
- BugTraq: 46217
- CVE: CVE-2011-0604