Vulnerability Bulletins |
Cross-site scripting en Adobe Acrobat |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Probado |
| Impact | Aumento de la visibilidad |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Comercial Software |
| Affected software |
Windows XP SP1 / Internet Explorer 6 / Acrobat 7 Windows XP SP2 / Internet Explorer 6 / Acrobat 4 Windows XP / Firefox 2.0.0.1 / Acrobat 7.0.8 |
Description |
|
|
Se ha descubierto una vulnerabilidad en Adobe Reader. La vulnerabilidad reside en que archivos PDF no son manejados correctamente por los plugins de los navegadores antes de que le lleguen al usuario. Un atacante remoto podría ejecutar código script arbitrario en el navegador del usuario mediante cross-site scripting. |
|
Solution |
|
|
Actualización de software Adobe Reader Actualizar a la versión 8.0.0. http://www.adobe.com/go/getreader Adobe (APSA07-02) Se disponen de nuevos métodos de actualización en: http://www.adobe.com/go/apsb07-01 http://www.adobe.com/support/security/advisories/apsa07-02.html Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Sun(102847) De momento, no existe parche oficial para esta vulnerabilidad. http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage Debian Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.dsc http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.diff.gz http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_alpha.deb AMD64 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_amd64.deb ARM http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_arm.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_arm.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_arm.deb HP Precision http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_i386.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_i386.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_ia64.deb Motorola 680x0 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mips.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mips.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_s390.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_s390.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_sparc.deb |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2007-0045 |
| BID | |
Other resources |
|
|
Symantec Security Response Weblog http://www.symantec.com/enterprise/security_response/weblog/2007/01/when_pdfs_attack.html Secunia (SA23483) http://secunia.com/advisories/23483/ Adobe Security advisory (APSA07-01) http://www.adobe.com/support/security/advisories/apsa07-01.html Adobe Security advisory (APSA07-02) http://www.adobe.com/support/security/advisories/apsa07-02.html SUSE Security Advisory (SUSE-SA:2007:011) http://www.novell.com/linux/security/advisories/2007_11_acroread.html Sun Alert Notification (102847) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1 Debian Security Advisory (DSA 1336-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00097.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-01-04 |
| 1.1 | Aviso emitido por Adobe (APSA07-01), CVE añadido | 2007-01-05 |
| 1.2 | Aviso emitido por Adobe (APSA07-02) | 2007-01-12 |
| 1.3 | Aviso emitido por Suse (SUSE-SA:2007:011) | 2007-01-30 |
| 1.4 | Aviso emitido por Sun (102847) | 2007-03-15 |
| 1.5 | Aviso emitido por Debian (DSA 1336-1) | 2007-07-24 |