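Vulnerability Details
Adobe Acrobat Reader Plugin Multiple Cross-Site Scripting Vulnerabilities
- CNNVD ID: CNNVD-200701-005
- Severity: High
- CVE ID: CVE-2007-0045
- Vulnerability type: Cross-site scripting
- Published: 2007-01-03
- Threat type: Remote
- Updated: 2009-02-05
- Vendor: adobe
- Vulnerability source: Stefano Di Paola a...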
Vulnerability Summary
Adobe Acrobat Reader is an excellent PDF document reader developed by Adobe. Multiple cross-site scripting vulnerabilities exist in versions of the Adobe Acrobat Reader Plugin prior to 8.0.0 on the Windows platform, as used with Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770 and Opera 9.10.8679. A remote attacker can inject arbitrary web script or HTML via a .pdf URL containing JavaScript, a res: URI with FDF, XML and XFDF AJAX parameters, or an arbitrarily named name=URI anchor identifier.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download link:
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-121104-02-1
References
Source: US-CERT
Name: TA09-286B
Link: http://www.us-cert.gov/cas/techalerts/TA09-286B.HTML
Source: US-CERT
Name: VU#815960
Link: http://www.kb.cert.org/vuls/id/815960
Source: MISC
Link: http://www.wisec.it/vulns.php?page=9
Source: REDHAT
Name: RHSA-2007:0017
Link: https://rhn.redhat.com/errata/RHSA-2007-0017.HTML
Source: XF
Name: adobe-acrobat-pdf-xss(31271)
Link: http://xforce.iss.net/xforce/xfdb/31271
Source: VUPEN
Name: ADV-2009-2898
Link: http://www.vupen.com/english/advisories/2009/2898
Source: BID
Name: 21858
Link: http://www.securityfocus.com/bid/21858
Source: BUGTRAQ
Name: 20070104 Universal PDF XSS After Party
Link: http://www.securityfocus.com/archive/1/archive/1/455906/100/0/threaded
Source: BUGTRAQ
Name: 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded
Source: BUGTRAQ
Name: 20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Link: http://www.securityfocus.com/archive/1/455836/100/0/threaded
Source: BUGTRAQ
Name: 20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Link: http://www.securityfocus.com/archive/1/455831/100/0/threaded
Source: BUGTRAQ
Name: 20070103 Re: Universal XSS with PDF files: highly dangerous
Link: http://www.securityfocus.com/archive/1/455800/100/0/threaded
Source: BUGTRAQ
Name: 20070103 Universal XSS with PDF files: highly dangerous
Link: http://www.securityfocus.com/archive/1/455790/100/0/threaded
Source: REDHAT
Name: RHSA-2007:0021
Link: http://www.redhat.com/support/errata/RHSA-2007-0021.HTML
Source: www.mozilla.org
Link: http://www.mozilla.org/security/announce/2007/mfsa2007-02.HTML
Source: MISC
Link: http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
Source: www.gnucitizen.org
Link: http://www.gnucitizen.org/blog/danger-danger-danger/
Source: VUPEN
Name: ADV-2007-0957
Link: http://www.frsirt.com/english/advisories/2007/0957
Source: VUPEN
Name: ADV-2007-0032
Link: http://www.frsirt.com/english/advisories/2007/0032
Source: MISC
Link: http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
Source: www.adobe.com
Link: http://www.adobe.com/support/security/bulletins/apsb09-15.HTML
Source: www.adobe.com
Link: http://www.adobe.com/support/security/bulletins/apsb07-01.HTML
Source: www.adobe.com
Link: http://www.adobe.com/support/security/advisories/apsa07-02.HTML
Source: www.adobe.com
Link: http://www.adobe.com/support/security/advisories/apsa07-01.HTML
Source: SUNALERT
Name: 102847
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
Source: SECTRACK
Name: 1023007
Link: http://securitytracker.com/id?1023007
Source: SECTRACK
Name: 1017469
Link: http://securitytracker.com/id?1017469
Source: GENTOO
Name: GLSA-200701-16
Link: http://security.gentoo.org/glsa/glsa-200701-16.xml
Source: SECUNIA
Name: 33754
Link: http://secunia.com/advisories/33754
Source: SECUNIA
Name: 24533
Link: http://secunia.com/advisories/24533
Source: SECUNIA
Name: 23882
Link: http://secunia.com/advisories/23882
Source: SECUNIA
Name: 23877
Link: http://secunia.com/advisories/23877
Source: SECUNIA
Name: 23812
Link: http://secunia.com/advisories/23812
Source: SECUNIA
Name: 23691
Link: http://secunia.com/advisories/23691
Source: SECUNIA
Name: 23483
Link: http://secunia.com/advisories/23483
Source: SUSE
Name: SUSE-SA:2007:011
Link: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.HTML
Source: GoogleChromereleases.blogspot.com
Link: http://GoogleChromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.HTML
Source: SLACKWARE
Name: SSA:2007-066-05
Link: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Source: SREASON
Name: 2090
Link: http://securityreason.com/securityalert/2090
Source: SECUNIA
Name: 24457
Link: http://secunia.com/advisories/24457
Source: HP
Name: HPSBUX02153
Link: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Affected Entities
- Adobe Acrobat_reader:7.0.2
- Adobe Acrobat_reader:7.0.3
- Adobe Acrobat_reader:7.0.4
- Adobe Acrobat_reader:7.0.5
- Adobe Acrobat_reader:7.0.6
Patches
None available