Boletines de Vulnerabilidades |
Cross-site scripting en Adobe Acrobat |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Probado |
Impacto | Aumento de la visibilidad |
Dificultad | Principiante |
Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricante afectado | Comercial Software |
Software afectado |
Windows XP SP1 / Internet Explorer 6 / Acrobat 7 Windows XP SP2 / Internet Explorer 6 / Acrobat 4 Windows XP / Firefox 2.0.0.1 / Acrobat 7.0.8 |
Descripción |
|
Se ha descubierto una vulnerabilidad en Adobe Reader. La vulnerabilidad reside en que archivos PDF no son manejados correctamente por los plugins de los navegadores antes de que le lleguen al usuario. Un atacante remoto podría ejecutar código script arbitrario en el navegador del usuario mediante cross-site scripting. |
|
Solución |
|
Actualización de software Adobe Reader Actualizar a la versión 8.0.0. http://www.adobe.com/go/getreader Adobe (APSA07-02) Se disponen de nuevos métodos de actualización en: http://www.adobe.com/go/apsb07-01 http://www.adobe.com/support/security/advisories/apsa07-02.html Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Sun(102847) De momento, no existe parche oficial para esta vulnerabilidad. http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage Debian Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.dsc http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.diff.gz http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_alpha.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_alpha.deb AMD64 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_amd64.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_amd64.deb ARM http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_arm.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_arm.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_arm.deb HP Precision http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_hppa.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_i386.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_i386.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_ia64.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_ia64.deb Motorola 680x0 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_m68k.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mips.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mips.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mipsel.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_powerpc.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_s390.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_s390.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_sparc.deb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_sparc.deb |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | CVE-2007-0045 |
BID | |
Recursos adicionales |
|
Symantec Security Response Weblog http://www.symantec.com/enterprise/security_response/weblog/2007/01/when_pdfs_attack.html Secunia (SA23483) http://secunia.com/advisories/23483/ Adobe Security advisory (APSA07-01) http://www.adobe.com/support/security/advisories/apsa07-01.html Adobe Security advisory (APSA07-02) http://www.adobe.com/support/security/advisories/apsa07-02.html SUSE Security Advisory (SUSE-SA:2007:011) http://www.novell.com/linux/security/advisories/2007_11_acroread.html Sun Alert Notification (102847) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1 Debian Security Advisory (DSA 1336-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00097.html |
Histórico de versiones |
||
Versión | Comentario | Fecha |
1.0 | Aviso emitido | 2007-01-04 |
1.1 | Aviso emitido por Adobe (APSA07-01), CVE añadido | 2007-01-05 |
1.2 | Aviso emitido por Adobe (APSA07-02) | 2007-01-12 |
1.3 | Aviso emitido por Suse (SUSE-SA:2007:011) | 2007-01-30 |
1.4 | Aviso emitido por Sun (102847) | 2007-03-15 |
1.5 | Aviso emitido por Debian (DSA 1336-1) | 2007-07-24 |