Check Point Advisories

Update Protection against Multiple Adobe Acrobat Vulnerabilities

Check Point Reference: CPAI-2007-008
Date Published: 21 Jan 2007
Severity: Critical
Last Updated: Monday 30 April, 2007
Source: FrSIRT/ADV-2007-0032
Industry Reference: CVE-2007-0044, CVE-2007-0045, CVE-2007-0046, CVE-2007-0047, CVE-2007-0048
Protection Provided by:
Who is Vulnerable?
Adobe Reader version 7.0.8 and prior
Adobe Acrobat Standard version 7.0.8 and prior
Adobe Acrobat Professional version 7.0.8 and prior
Adobe Acrobat Elements version 7.0.8 and prior
Vulnerability Description
Adobe Acrobat Reader is a popular product that allows viewing, searching, digitally signing, verifying and printing Adobe Portable Document Format (PDF) files. Adobe Acrobat Reader is prone to multiple vulnerabilities. An attacker can exploit these vulnerabilities to cause a denial of service, execute arbitrary code and take control of an affected system.
Update/Patch Available
Upgrade to Adobe Reader version 8:
http://www.adobe.com/products/acrobat/readstep2.html
Vulnerability Details
Several vulnerabilities were reported in Adobe Acrobat Reader:

CVE-2007-0044: A vulnerability in the Adobe Acrobat Reader browser plug-in allows remote attackers to force the browser to make unauthorized requests to arbitrary URLs via a specially crafted URL in several request parameters. This allows attackers to perform CSRF attacks.

CVE-2007-0045: An input validation error in the Adobe Acrobat Reader browser plug-in allows remote attackers to conduct cross-site scripting attacks via a specially crafted '.PDF' URL.

CVE-2007-0046: A double free error in the Adobe Acrobat Reader browser plug-in when handling malformed parameters passed to a PDF document allows remote attackers to execute arbitrary code via a specially crafted URL.

CVE-2007-0047: A flaw in the Adobe Acrobat Reader browser plug-in in Microsoft Internet Explorer allows remote attackers to inject arbitrary HTTP headers via CRLF sequences.

CVE-2007-0048: A memory corruption error in the Adobe Acrobat Reader plug-in in Microsoft Internet Explorer allows remote attackers to cause a denial of service via an overly long sequence of characters appended to a PDF URL.

Protection Overview
