Rapid7 VulnDB

CESA-2008:0144: acroread security update

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/12/2008
Created: 07/25/2018
Added: 11/12/2015
Modified: 07/04/2017

Description

The Adobe Reader allows users to view and print documents in portable document format (PDF).

Several flaws were found in the way Adobe Reader processed malformed PDF files. An attacker could create a malicious PDF file which could execute arbitrary code if opened by a victim. (CVE-2007-5659, CVE-2007-5663, CVE-2007-5666, CVE-2008-0726)

A flaw was found in the way the Adobe Reader browser plug-in honored certain requests. A malicious PDF file could cause the browser to request an unauthorized URL, allowing for a cross-site request forgery attack. (CVE-2007-0044)

A flaw was found in Adobe Reader's JavaScript API DOC.print function. A malicious PDF file could silently trigger non-interactive printing of the document, causing multiple copies to be printed without the user's consent. (CVE-2008-0667)

Additionally, this update fixes multiple unknown flaws in Adobe Reader. When the information regarding these flaws is made public by Adobe, it will be added to this advisory. (CVE-2008-0655)

Note: Adobe have yet to release security-fixed versions of Adobe 7. All users of Adobe Reader are, therefore, advised to install these updated packages. They contain Adobe Reader version 8.1.2, which is not vulnerable to these issues.

Solution(s)

  • centos-upgrade-acroread-plugin

References

  • centos-upgrade-acroread-plugin
