CERTA-2007-AVI-003
Vulnerability from certfr_avis

None

Description

Plusieurs vulnérabilités touchent le greffon Adobe Acrobat Reader, et ceci quelque soit le navigateur utilisé. Ces vulnérabilités permettent à une personne malintentionnée qui les exploiterait de conduire des attaques par exécution croisée de code (Cross Site Scripting), par découpage de réponse HTTP (HTTP Response Splitting) ou par exécution forcée de code arbitraire à distance.

Solution

Remplacer la version actuelle par la version 8.0.0 (cf. section Documentation).

None
Impacted products
Vendor Product Description
Adobe Acrobat Reader Adobe Reader 7.x.
Adobe Acrobat Reader Adobe Reader 6.x ;
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Reader 7.x.",
      "product": {
        "name": "Acrobat Reader",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Reader 6.x ;",
      "product": {
        "name": "Acrobat Reader",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s touchent le greffon Adobe Acrobat Reader, et\nceci quelque soit le navigateur utilis\u00e9. Ces vuln\u00e9rabilit\u00e9s permettent \u00e0\nune personne malintentionn\u00e9e qui les exploiterait de conduire des\nattaques par ex\u00e9cution crois\u00e9e de code (Cross Site Scripting), par\nd\u00e9coupage de r\u00e9ponse HTTP (HTTP Response Splitting) ou par ex\u00e9cution\nforc\u00e9e de code arbitraire \u00e0 distance.\n\n## Solution\n\nRemplacer la version actuelle par la version 8.0.0 (cf. section\nDocumentation).\n",
  "cves": [],
  "initial_release_date": "2007-01-04T00:00:00",
  "last_revision_date": "2007-01-04T00:00:00",
  "links": [
    {
      "title": "Page de t\u00e9l\u00e9chargement de la nouvelle version d\u0027Acrobat    Reader :",
      "url": "http://www.adobe.com/products/acrobat/readstep2.html"
    }
  ],
  "reference": "CERTA-2007-AVI-003",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution crois\u00e9e de code ( cross site scripting )"
    },
    {
      "description": "D\u00e9coupage de r\u00e9ponse http ( http response splitting )"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s du greffon Adobe Acrobat Reader",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VU#815960 de l\u0027US-CERT",
      "url": "http://www.kb.cert.org/vuls/id/815960"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.