Vulnerability details :
 
Adobe Acrobat Reader Plugin PDF URL Memory Corruption DoS 
 
     Fiche

Fiche créée le 2007-01-24 04:26:52, dernière mise à jour le 2010-11-04 19:48:23

Acrobat contains a flaw that may allow a remote denial of service. The issue is triggered when the plugin is used with Internet Explorer and processes a malformed URL, and will result in loss of availability for the browser.


http://site.com/file.pdf#####...(More '#')

 
Adobe Systems Incorporated    7.0.7  Affected
Adobe Systems Incorporated    7.0.1  Affected
Adobe Systems Incorporated    7.0.2  Affected
Adobe Systems Incorporated    7.0.8  Affected
Adobe Systems Incorporated    7.0.3  Affected
Adobe Systems Incorporated    7.0.6  Affected
Adobe Systems Incorporated    7.0.4  Affected
Adobe Systems Incorporated    7.0.5  Affected
Adobe Systems Incorporated    7.0  Affected
Adobe Systems Incorporated    7.0.1  Affected
Adobe Systems Incorporated    7.0.2  Affected
Adobe Systems Incorporated    7.0  Affected
Adobe Systems Incorporated     7.0.3  Affected
Adobe Systems Incorporated     7.0.4  Affected
Adobe Systems Incorporated     7.0.5  Affected
Adobe Systems Incorporated     7.0.6  Affected
Adobe Systems Incorporated     7.0.7  Affected
Adobe Systems Incorporated     7.0.8  Affected
 
Attack Type :  Input Manipulation
 XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding.
 Découvert le 2007-01-03 07:00:00
 
Attack Type :  Denial of Service
 saturation flood, crash, lock up, forced reboot.
 
Disclosure :  Vendor Verified
 Confirmé le 2007-01-03 07:00:00
 
Disclosure :  Coordinated Disclosure
 
Exploit :  Exploit Public
 Exploit découvert le 1970-01-01 07:00:00
 
Impact :  Loss of Integrity
 Assurance that data is unaltered by unauthorized persons. Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc.
 
Impact :  Loss of Availability
 Assurance of timely and reliable access to data. Examples: any DoS attack of any kind, unauthorized file deletion, etc. anything that can cause the availability of a service or information to be impacted.
 
Location :  Remote / Network Access
 If network access if required and exploit can be done remotely.
 
Solution :  Upgrade

 Upgrade to version 7.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
 Solution découverte le 1970-01-01 07:00:00
 
 
External refs :
OSVDB  31596
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
 
 
 
 

 
 


Free consultation (search)
 
  Fill one or some of the fields below :
   
Vendor
 
Title
 
Vulnerability ref.
 
 
   
 
   
Individual alerts
 
You determine with one profile dynamic and assisted, all your material and software equipment.
We shall inform you then automatically, as soon as a notification of security will concern one or several elements of it profile.
Every notification is definite, consists of numerous information to determine risk and to protect itself from it.
 
Login:
Pass:
 
Free online subscription
© Power4Security.com - BMS Ltd UK 2007-2008 - powered by Power4Website.com
Partenaires : Anti-spam - Hébergement France - MySQL Php Suisse - Hosting Canada - Web Php Maroc - WebmasterMalin
Guide de l'affiliation - Guide du paiement électronique et de l'e-currency - Annuaire du Web - Solution e-commerce - Externalisation et outsourcing
e-Marketing et e-Mailing - Comparaison de services - Comparateur Marchands - Bons plans par email - Tests de personnalité et de QI
SMS API - Forums et Petites Annonces Gratuites - Rencontres - Sonneries - Offres du Web - Arrêter de fumer - Guide des mobiles et PDA