Check Point Advisories

Update Protection against Adobe Reader Extensions Vulnerabilities

Check Point Reference: CPAI-2006-056
Date Published: 6 Jun 2006
Severity: Medium
Last Updated: Monday 07 May, 2007
Source: Secunia Research
Industry Reference: CVE-2006-1627
Protection Provided by:
Who is Vulnerable? Adobe Document Server for Reader Extensions 6.0
Vulnerability Description: Several vulnerabilities have been identified in Adobe Document Server for Reader Extensions 6.0. These vulnerabilities could allow an attacker to disclose sensitive information or conduct cross-site scripting attacks.
Update/Patch Available: Upgrade to the current version of Adobe Document Server for Reader Extensions:
http://www.adobe.com/products/server/readerextensions/main.html
Vulnerability Details:
1. Missing access control restrictions in the Adobe Document Server for Reader Extensions (ads-readerext) can be exploited by authenticated attackers to access files by manipulating the "actionID" and "pageID" parameters.
2. Input passed to the "actionID" parameter in ads-readerext and the "op" parameter in Adobe Server Web Services (AlterCast) is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
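A log review for the reflected-input issue in item 2 can flag requests whose "actionID" or "op" value decodes to HTML markup characters. The script below is an added example, not Check Point or Adobe code; it assumes combined-format access logs, and the request paths and log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters the advisory names as returned to users without sanitisation.
REFLECTED_PARAMS = {"actionID", "op"}
# Characters that let a value break out of HTML text or attribute context.
MARKUP = re.compile(r"[<>\"'`]")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for reflected params carrying markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(value)
        if name in REFLECTED_PARAMS and MARKUP.search(value):
            hits.append((name, value))
    return hits


# Constructed access-log lines; /EXAMPLE-PATH/... is a placeholder, not a real product path.
SAMPLE_LOG = [
    '192.0.2.10 - alice [06/Jun/2006:10:00:01 +0000] "GET /EXAMPLE-PATH/servlet?actionID=5&pageID=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - bob [06/Jun/2006:10:02:17 +0000] "GET /EXAMPLE-PATH/servlet?actionID=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 812',
    '192.0.2.44 - bob [06/Jun/2006:10:02:40 +0000] "GET /EXAMPLE-PATH/ws?op=%2522%253Ei HTTP/1.1" 200 640',
]


def scan(lines):
    """Map line index -> findings for every line with at least one hit."""
    return {i: h for i, line in enumerate(lines) if (h := suspicious_params(line))}


if __name__ == "__main__":
    for index, hits in scan(SAMPLE_LOG).items():
        print(index, hits)
```

The repeated decoding matters because a double-encoded value (third sample line) looks harmless after a single pass. This check only covers values carried in the URL query string.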

Protection Overview
