Check Point Reference: | CPAI-2007-008 |
Date Published: | 21 Jan 2007 |
Severity: | Critical |
Last Updated: | Monday 30 April, 2007 |
Source: | FrSIRT/ADV-2007-0032 |
Industry Reference: | CVE-2007-0044 CVE-2007-0045 CVE-2007-0046 CVE-2007-0047 CVE-2007-0048 |
Protection Provided by: | |
Who is Vulnerable? | Adobe Reader version 7.0.8 and prior; Adobe Acrobat Standard version 7.0.8 and prior; Adobe Acrobat Professional version 7.0.8 and prior; Adobe Acrobat Elements version 7.0.8 and prior |
Vulnerability Description | Adobe Acrobat Reader is a popular product that allows the viewing, searching, digitally signing, verifying and printing of Adobe Portable Document Format (PDF) files. Adobe Acrobat Reader is prone to multiple vulnerabilities. An attacker can exploit these vulnerabilities to cause a denial of service, execute arbitrary code and take control of an affected system. |
Update/Patch Available | Upgrade to Adobe Reader version 8: http://www.adobe.com/products/acrobat/readstep2.html |
Vulnerability Details | Several vulnerabilities were reported in Adobe Acrobat Reader:
CVE-2007-0044: A vulnerability in the Adobe Acrobat Reader browser plug-in allows remote attackers to force the browser to make unauthorized requests of arbitrary URLs via a specially crafted URL in several request parameters. This allows attackers to perform CSRF attacks.
CVE-2007-0045: An input validation error in the Adobe Acrobat Reader browser plug-in allows remote attackers to conduct cross-site scripting via a specially crafted '.PDF' URL.
CVE-2007-0046: A double free error in the Adobe Acrobat Reader browser plug-in when handling malformed parameters passed to a PDF document allows remote attackers to execute arbitrary code via a specially crafted URL.
CVE-2007-0047: A flaw in the Adobe Acrobat Reader browser plug-in in Microsoft Internet Explorer allows remote attackers to inject arbitrary HTTP headers via CRLF sequences. |