Signature Detail
Short Name |
HTTP:STC:CLSID:ACTIVEX:ACROPDF |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe AcroPDF Unsafe ActiveX Control |
Release Date |
2005/05/09 |
Update Number |
1213 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Adobe AcroPDF Unsafe ActiveX Control
This signature detects attempts to exploit a known vulnerability in Adobe AcroPDF. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
It is reported that the Adobe Acrobat Reader ActiveX control is prone to information disclosure vulnerability. Reports indicate that the Adobe Acrobat Reader ActiveX control, may be employed to disclose the existence of a target file. Information that is harvested by leveraging this vulnerability may be used to aid in further attacks. This vulnerability is reported to affect Adobe Acrobat Reader version 7.0 and prior versions.
Affected Products
- Adobe Reader 3.0.0
- Adobe Reader 4.0.0
- Adobe Reader 4.0.0 5
- Adobe Reader 4.0.0 5c
- Adobe Reader 4.0.5 A
- Adobe Reader 4.5
- Adobe Reader 5.0.0
- Adobe Reader 5.0.5
- Adobe Reader 5.1.0
- Adobe Reader 6.0.0
- Adobe Reader 6.0.1
- Adobe Reader 6.0.2
- Adobe Reader 6.0.3
- Adobe Reader 7.0.0
References
- BugTraq: 12989
- BugTraq: 21338
- BugTraq: 21813
- CVE: CVE-2006-6027
- CVE: CVE-2006-6236
- CVE: CVE-2005-0035
- URL: http://www.adobe.com/support/techdocs/331465.html
- URL: http://www.frsirt.com/english/advisories/2005/0310