Update Protection against Adobe Reader Plugin Cross-site Scripting Vulnerability (APSB07-01)
| Check Point Reference: | CPAI-2010-011 |
| Date Published: | |
| Severity: | |
| Source: | Adobe Security Bulletin - APSB07-01 |
| Industry Reference(s): | CVE-2007-0045, CVE-2007-0048 |
| Protection Provided by: | Security Gateway |

Who is Vulnerable?
Adobe Reader 7.0.8 and earlier versions
Adobe Acrobat Standard, Professional and Elements 7.0.8 and earlier versions
Adobe Acrobat 3D

Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities have been discovered in Adobe Reader and Acrobat Plugin when used with various Web browsers. Cross-site scripting occurs when a Web-based application fails to validate user input before returning it to the client's browser. This enables attackers to inject malicious content into Web pages to be executed in the context of the user's browser. A remote attacker could exploit these issues to execute a cross-site scripting attack or cause a denial of service condition.

Update/Patch Available
Apply patches: Adobe Security Bulletin - APSB07-01

Vulnerability Details
The vulnerabilities are due to an error in the Adobe Acrobat Reader Plugin.
CVE-2007-0045: Successful exploitation of this issue allows remote attackers to inject arbitrary JavaScript and conduct other attacks via a malformed PDF URL.
CVE-2007-0048: Successful exploitation of this issue allows remote attackers to cause a denial of service condition via a long sequence of hash characters appended to a PDF URL.

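As an added illustration (not Check Point's signature and not code from the advisory), the following Python sketch flags links to PDF files that match the two URL shapes described above. Because a URL fragment is never sent to the web server, the check runs over content that delivers the link (an HTML page or mail body) rather than over server access logs. The `MAX_HASHES` threshold, the finding names, the assumption that the script rides in the fragment, and the sample links are all constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

MAX_HASHES = 8  # assumed threshold for a "long sequence" of '#'; not from the advisory

class LinkCollector(HTMLParser):
    """Collect href/src attribute values from an HTML document."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value)

def classify_pdf_link(url):
    """Return findings for one link; an empty list means nothing suspicious."""
    parts = urlsplit(url)
    if not unquote(parts.path).lower().endswith(".pdf"):
        return []  # only links that resolve to a PDF are in scope
    findings = []
    # Decode percent-escapes so an encoded scheme or '#' is still seen.
    if re.search(r"javascript\s*:", unquote(parts.fragment), re.I):
        findings.append("script-in-fragment")   # CVE-2007-0045 shape
    if unquote(url).count("#") > MAX_HASHES:
        findings.append("hash-run")             # CVE-2007-0048 shape
    return findings

def scan_html(html):
    """Map each suspicious PDF link found in the HTML to its findings."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = {}
    for link in collector.links:
        findings = classify_pdf_link(link)
        if findings:
            flagged[link] = findings
    return flagged

# Constructed sample content (example.test is a reserved test domain).
SAMPLE_HTML = (
    '<a href="https://example.test/report.pdf#page=3">benign</a>\n'
    '<a href="https://example.test/report.pdf#x=JavaScript:void(0)">a</a>\n'
    '<a href="https://example.test/report.pdf' + "#" * 17 + '">b</a>\n'
    '<a href="https://example.test/index.html#javascript:void(0)">not a PDF</a>\n'
)

if __name__ == "__main__":
    for link, findings in scan_html(SAMPLE_HTML).items():
        print(findings, link)
```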
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.