5961 matches found
Adobe Acrobat Reader acroread创建不安全临时文件漏洞
BUGTRAQ ID: 28091 CVECAN ID: CVE-2008-0883 Acrobat Reader是一款流行的PDF文件阅读器。 Adobe Reader的acroread脚本在处理installCertificate选项时没有安全地处理临时文件,这允许本地攻击者通过符号链接攻击结合竞争条件覆盖或删除任意文件。 Adobe Acrobat Reader 8.1.2 厂商补丁: Adobe ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://support.novell.com/linux/psdb/sources.html...
GLSA-200803-01 : Adobe Acrobat Reader: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200803-01 Adobe Acrobat Reader: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Adobe Acrobat Reader, including: A file disclosure when using file:// in PDF documents CVE-2007-1199 Multiple buffer overflo...
SuSE 10 Security Update : acroread (ZYPP Patch Number 5042)
Adobe Acrobat Reader 8.1.2 contained a /tmp race in its 'acroread' wrapper script in the SSL certificate handling. CVE-2008-0883 Furthermore it contained several duplicated copies of system libraries, which have been removed for this update to make sure they are up-to-date security wise by using...
acroread: silent print vulnerability
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655...
Acrobat Reader Universal CSRF and session riding
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the 1 FDF, 2 xml, and 3 xfdf AJAX request parameters, following the hash character, aka...
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5010)
This version update to 8.1.2 fixes numerous bugs, including some security problems. CVE-2008-0667 / CVE-2008-0655 / CVE-2008-0726 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
SuSE 10 Security Update : acroread (ZYPP Patch Number 2508)
The Adobe Acrobat Reader has been updated to version 7.0.9. This update also includes following security fixes : - A memory corruption problem was fixed in Adobe Acrobat Reader can potentially lead to code execution. CVE-2006-5857 - Universal cross-site request forgery CSRF problems were fixed in...
SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 2545)
The Adobe Acrobat Reader Japanese version has been updated to version 7.0.9. This update also includes following security fixes : - A memory corruption problem was fixed in Adobe Acrobat Reader can potentially lead to code execution. CVE-2006-5857 - Universal cross-site request forgery CSRF...
Microsoft Windows ShellExecute and IE7 URL Handling Code Execution (MS07-061; CVE-2007-3896)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Windows Internet Explorer 7. The vulnerability occurs when Windows does not correctly handle specially crafted URLs or URIs that are passed to it. There are a...
openSUSE 10 Security Update : acroread (acroread-1690)
Various unspecified security problems have been fixed in Acrobat Reader version 7.0.8 CVE-2006-3093, contained in this update. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update acroread-1690. Th...
openSUSE 10 Security Update : acroread (acroread-2506)
The Adobe Acrobat Reader has been updated to version 7.0.9. This update also includes following security fixes : CVE-2006-5857: A memory corruption problem was fixed in Adobe Acrobat Reader can potentially lead to code execution. CVE-2007-0044: Universal Cross Site Request Forgery CSRF problems...
urihandlexp.txt
Hello, the URI handling problem on Windows XP systems with IE 7 installed hits a lot of applications, not only Firefox and mIRC -- namely Skype, Acrobat Reader, Miranda, Netscape. To recap: with the installation of IE 7 Microsoft changes the handling of URLs that are passed to the operating syste...
Microsoft Windows - URI Handler Command Execution
Microsoft Windows - URI Handler Command Execution source: https://www.securityfocus.com/bid/25945/info Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input. Successfully exploiting this issue allows...
Microsoft Windows URI Handler Command Execution Vulnerability
Description Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicio...
Microsoft Windows - URI Handler Command Execution
source: https://www.securityfocus.com/bid/25945/info Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in...
Acrobat Reader plugin DoS
Request to PDF file with large number of n causes CPU and memory exhaustion...
Adobe Acrobat/Adobe Reader信息泄露漏洞
Adobe Acrobat和Adobe Reader都是非常流行的PDF文件阅读器。 Adobe Reader或Adobe Acrobat打开恶意PDF文件时可能会启动file:// URL,这可能导致读取系统上的任意文件并发送给攻击者。 Adobe Acrobat Professional 8.0.0 Adobe Adobe Reader Professional 8.0.0 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.adobe.com...
SUSE-SA:2007:011: acroread
The remote host is missing the patch for the advisory SUSE-SA:2007:011 acroread. The Adobe Acrobat Reader has been updated to version 7.0.9. This update also includes following security fixes: CVE-2006-5857: A memory corruption problem was fixed in Adobe Acrobat Reader can potentially lead to cod...
GLSA-200701-16 : Adobe Acrobat Reader: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200701-16 Adobe Acrobat Reader: Multiple vulnerabilities Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code execution via heap corruption when loading a specially crafted PDF file. The browser plugin released wi...
security flaw
Multiple cross-site scripting XSS vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770...