CVE-2007-5663

Related Files

Gentoo Linux Security Advisory 200803-1

Posted Mar 3, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200803-01:04 - Adobe Acrobat Reader is vulnerable to remote code execution, Denial of Service, and cross-site request forgery attacks. Versions less than 8.1.2 are affected.

tags | advisory, remote, denial of service, code execution, csrf

systems | linux, gentoo

advisories | CVE-2007-1199, CVE-2007-5659, CVE-2007-5663, CVE-2007-5666, CVE-2008-0655, CVE-2008-0667, CVE-2008-0726

SHA-256 | 3b620d56e2d1802267a0433a31893c83d5b29b6e044a17c553f561841201749d

Download | Favorite | View

iDEFENSE Security Advisory 2008-02-08.1

Posted Feb 11, 2008

Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 02.08.08 - Remote exploitation of an insecure method exposed by the JavaScript library in Adobe Reader and Acrobat could allow an attacker to execute arbitrary code as the current user. Adobe Reader and Acrobat implement a version of JavaScript in the EScript.api plug-in which is based on the reference implementation used in Mozilla products. One of the methods exposed allows direct control over low level features of the object, which in turn allows execution of arbitrary code. iDefense has confirmed this vulnerability exists in Adobe Reader 8.1 on Windows XP SP2. It is likely that other Adobe products that handle PDF files, including previous versions of Adobe Reader, are also affected.

tags | advisory, remote, arbitrary, javascript

systems | windows

advisories | CVE-2007-5663

SHA-256 | dbaad2878fa40c352148186c8e60fdaec85df78c429b573508d0ec0a58af0de5

Download | Favorite | View