Metric | Value |
---|---|
AI Score | 6.5 Medium |
Confidence | Low |
CVSS2 | 2.1 Low (AV:N/AC:H/Au:S/C:N/I:P/A:N) |
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
EPSS | 0.003 Low |
Percentile | 68.0% |

Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the “Update Download Site” section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.

CPE | Name | Operator | Version |
---|---|---|---|
adobe:document_server | adobe document server | eq | 6.0 |

secunia.com/advisories/15924
secunia.com/secunia_research/2005-68/advisory/
www.adobe.com/support/techdocs/322699.html
www.osvdb.org/24588
www.securityfocus.com/archive/1/430869/100/0/threaded
www.securityfocus.com/bid/17500
www.vupen.com/english/advisories/2006/1342
exchange.xforce.ibmcloud.com/vulnerabilities/25770