CERTA-2007-AVI-003
Vulnerability from certfr_avis - Published: 2007-01-04 - Updated: 2007-01-04
Description
Several vulnerabilities affect the Adobe Acrobat Reader plug-in, regardless of the browser used. A malicious person exploiting them could carry out cross-site scripting (XSS) attacks, HTTP response splitting attacks, or forced remote execution of arbitrary code.
Solution
Replace the current version with version 8.0.0 (see the Documentation section).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Adobe | Acrobat Reader | Adobe Reader 7.x. |
| Adobe | Acrobat Reader | Adobe Reader 6.x ; |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Adobe Reader 7.x.",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Adobe Reader 6.x ;",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s touchent le greffon Adobe Acrobat Reader, et\nceci quelque soit le navigateur utilis\u00e9. Ces vuln\u00e9rabilit\u00e9s permettent \u00e0\nune personne malintentionn\u00e9e qui les exploiterait de conduire des\nattaques par ex\u00e9cution crois\u00e9e de code (Cross Site Scripting), par\nd\u00e9coupage de r\u00e9ponse HTTP (HTTP Response Splitting) ou par ex\u00e9cution\nforc\u00e9e de code arbitraire \u00e0 distance.\n\n## Solution\n\nRemplacer la version actuelle par la version 8.0.0 (cf. section\nDocumentation).\n",
"cves": [],
"initial_release_date": "2007-01-04T00:00:00",
"last_revision_date": "2007-01-04T00:00:00",
"links": [
{
"title": "Page de t\u00e9l\u00e9chargement de la nouvelle version d\u0027Acrobat Reader :",
"url": "http://www.adobe.com/products/acrobat/readstep2.html"
}
],
"reference": "CERTA-2007-AVI-003",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-01-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution crois\u00e9e de code ( cross site scripting )"
},
{
"description": "D\u00e9coupage de r\u00e9ponse http ( http response splitting )"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s du greffon Adobe Acrobat Reader",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VU#815960 de l\u0027US-CERT",
"url": "http://www.kb.cert.org/vuls/id/815960"
}
]
}