Adobe Acrobat Reader Plugin PDF cross-site request forgery (HTML_Pdf_XSS)

About this signature or vulnerability

Proventia Network IPS, Proventia Desktop, RealSecure Desktop, Proventia Network IDS, Proventia-G 1.1 and earlier, IBM Security Server Protection for Windows, Proventia Network MFS, RealSecure Server Sensor, RealSecure Network, BlackICE PC Protection, BlackICE Server Protection, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:

This signature detects '.pdf#' followed by 'javascript:' in a URI.
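The detection condition above can be reproduced as a simple offline check. The following is an added example written for this page, not IBM ISS signature code: it flags a URI when '.pdf#' is followed by 'javascript:', pulls hyperlinks out of a constructed HTML fragment, and reports which of them would trip the rule. Case-insensitive matching and one round of percent-decoding are assumptions of this example (the page does not say how the real signature normalises its input); the sample page body and URIs are constructed.

```python
import re
from urllib.parse import unquote

# The detection condition stated on the page: '.pdf#' followed by 'javascript:'.
# IGNORECASE and DOTALL are assumptions of this example, not stated signature behaviour.
_SIGNATURE = re.compile(r"\.pdf#.*?javascript:", re.IGNORECASE | re.DOTALL)

# Minimal href extractor; adequate for the constructed sample below.
_HREF = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def matches_signature(uri: str, decode: bool = True) -> bool:
    """True when the URI contains '.pdf#' followed later by 'javascript:'.

    decode=True applies one round of percent-decoding first so that an
    encoded fragment such as '%6aavascript:' is still caught. This is an
    assumption of the example; the page does not say whether the signature
    decodes before matching.
    """
    candidate = unquote(uri) if decode else uri
    return _SIGNATURE.search(candidate) is not None


def extract_hrefs(html: str) -> list[str]:
    """Return the href targets found in an HTML fragment."""
    return _HREF.findall(html)


def scan_html(html: str, decode: bool = True) -> list[str]:
    """Return the hrefs in an HTML fragment that trip the signature."""
    return [u for u in extract_hrefs(html) if matches_signature(u, decode)]


# Constructed sample page body, of the kind a network sensor would see in an
# HTTP response. Hosts and paths are placeholders, not real sites.
SAMPLE_HTML = """
<p><a href="http://example.test/docs/report.pdf">Quarterly report</a></p>
<p><a href="http://example.test/docs/report.pdf#FDF=javascript:void(0)">Report (FDF)</a></p>
<p><a href="http://example.test/docs/Report.PDF#xfdf=JavaScript:void(0)">Report (XFDF)</a></p>
<p><a href="http://example.test/docs/report.pdf#fdf=%6aavascript:void(0)">Report (encoded)</a></p>
<p><a href="http://example.test/page.html#javascript:void(0)">Not a PDF</a></p>
<p><a href="http://example.test/docs/report.pdf?q=javascript:void(0)">Query, not fragment</a></p>
"""

if __name__ == "__main__":
    for uri in extract_hrefs(SAMPLE_HTML):
        verdict = "ALERT" if matches_signature(uri) else "ok   "
        print(f"{verdict} {uri}")
```

Running the block prints one line per link; three of the six constructed links are flagged with decoding on, and only two with decoding off, which shows why a single encoded character matters when tuning a rule like this.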


Default risk level

High

Sensors that have this signature

Proventia Network IPS: XPU 1.94, Proventia Desktop: 1950, RealSecure Desktop: eqa, Proventia Network IDS: XPU 24.55, Proventia-G 1.1 and earlier: XPU 24.55, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.1950, Proventia Network MFS: XPU 1.94, RealSecure Server Sensor: XPU 24.55, RealSecure Network: XPU 24.55, BlackICE PC Protection: 3.6cqa, BlackICE Server Protection: 3.6.cqa, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 1.94

Systems affected

Gentoo Linux, SuSE Linux Enterprise Server: 8, Adobe Acrobat Reader: 6.0.1, SuSE SuSE SLES: 9, Adobe Acrobat Reader: 6.0, Adobe Acrobat Reader: 6.0.2, Novell Linux Desktop: 9, Adobe Acrobat Reader: 7.0, Adobe Acrobat Reader: 7.0.1, Adobe Acrobat Reader: 7.0.2, SUSE SuSE Linux: 10.0, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, SUSE SuSE Linux: 10.1, SuSE SuSE SLED: 10, Adobe Acrobat 3D, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Adobe Acrobat Reader: 6.0.3, Adobe Acrobat Reader: 6.0.4, Adobe Acrobat Reader: 6.0.5, Adobe Acrobat Reader: 7.0.3, Adobe Acrobat Reader: 7.0.4, Adobe Acrobat Reader: 7.0.5, Adobe Acrobat Reader: 7.0.6, Adobe Acrobat Reader: 7.0.7, Adobe Acrobat Reader: 7.0.8, Novell OpenSUSE: 10.2, SUSE SuSE Linux: 9.3, Adobe Acrobat Reader Plugin: 7.0.8, Adobe Acrobat: 7.0 Standard, Adobe Acrobat: 7.0 Professional, Adobe Acrobat: 7.0.1 Standard, Adobe Acrobat: 7.0.1 Professional, Adobe Acrobat: 7.0.2 Standard, Adobe Acrobat: 7.0.2 Professional, Adobe Acrobat: 7.0.3 Standard, Adobe Acrobat: 7.0.3 Professional, Adobe Acrobat: 7.0.4 Standard, Adobe Acrobat: 7.0.4 Professional, Adobe Acrobat: 7.0.5 Standard, Adobe Acrobat: 7.0.5 Professional, Adobe Acrobat: 7.0.6 Standard, Adobe Acrobat: 7.0.6 Professional, Adobe Acrobat: 7.0.7 Standard, Adobe Acrobat: 7.0.7 Professional, Adobe Acrobat: 7.0.8 Standard, Adobe Acrobat: 7.0.8 Professional, Adobe Acrobat Elements: 7.0.8

Type

Unauthorized Access Attempt

Vulnerability description

The Adobe Acrobat Reader Plugin is vulnerable to a cross-site request forgery, caused by improper validation of input passed to PDF documents. A remote attacker could exploit this vulnerability using the FDF, XML, or XFDF parameter in a specially-crafted URL to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities, if the attacker could persuade the victim to click the URL.

In certain Adobe versions and browser settings, this vulnerability could allow remote code execution.

How to remove this vulnerability

Upgrade to the latest version of the Adobe Acrobat Reader Plugin (8.0.0 or later), available from the Adobe Acrobat Reader Plugin Web site. See References.

For SUSE Linux (Acrobat Reader):
Refer to SUSE-SA:2007:011 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References

US-CERT Vulnerability Note VU#815960
Adobe Acrobat Plug-In cross domain violation
http://www.kb.cert.org/vuls/id/815960

Full-Disclosure Mailing List, Wed Jan 03 2007 - 11:22:49 CST
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0062.html

SA23483
Adobe Reader Cross-Site Scripting Vulnerability
http://secunia.com/advisories/23483/

FrSIRT/ADV-2007-0032
Adobe Acrobat Reader Plugin Cross Site Scripting and Command Execution Vulnerabilities
http://www.frsirt.com/english/advisories/2007/0032

Adobe Acrobat Reader Plugin Web site
Adobe - Reader
http://www.adobe.com/products/reader/

SUSE-SA:2007:011
Acrobat Reader 7.0.9 update
http://www.novell.com/linux/security/advisories/2007_11_acroread.html

ISS X-Force
Adobe Acrobat Reader Plugin PDF cross-site request forgery
http://www.iss.net/security_center/static/31266.php

CVE
CVE-2007-0044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0044