9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.963 High
EPSS
Percentile
99.4%
The Adobe Acrobat Reader allows users to view and print documents in
portable document format (PDF).
A cross site scripting flaw was found in the way the Adobe Reader Plugin
processes certain malformed URLs. A malicious web page could inject
arbitrary javascript into the browser session which could possibly lead to
a cross site scripting attack. (CVE-2007-0045)
Two arbitrary code execution flaws were found in the way Adobe Reader
processes malformed document files. It may be possible to execute arbitrary
code on a victim’s machine if the victim opens a malicious PDF file.
(CVE-2006-5857, CVE-2007-0046)
All users of Acrobat Reader are advised to upgrade to these updated
packages, which contain Acrobat Reader version 7.0.9 and are not vulnerable
to these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | acroread | < 7.0.9-1.2.0.EL4 | acroread-7.0.9-1.2.0.EL4.i386.rpm |