ID CVE-2006-5857
Summary Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.
References
Vulnerable Configurations
  • Adobe Acrobat 3.0
    cpe:2.3:a:adobe:acrobat:3.0
  • cpe:2.3:a:adobe:acrobat:3.1
  • cpe:2.3:a:adobe:acrobat:4.0
  • Adobe Acrobat 4.0.5
    cpe:2.3:a:adobe:acrobat:4.0.5
  • cpe:2.3:a:adobe:acrobat:4.0.5a
  • cpe:2.3:a:adobe:acrobat:4.0.5c
  • Adobe Acrobat 5.0
    cpe:2.3:a:adobe:acrobat:5.0
  • Adobe Acrobat 5.0.5
    cpe:2.3:a:adobe:acrobat:5.0.5
  • cpe:2.3:a:adobe:acrobat:5.0.6
  • cpe:2.3:a:adobe:acrobat:5.0.10
  • Adobe Acrobat 6.0
    cpe:2.3:a:adobe:acrobat:6.0
  • Adobe Acrobat 6.0.1
    cpe:2.3:a:adobe:acrobat:6.0.1
  • Adobe Acrobat 6.0.2
    cpe:2.3:a:adobe:acrobat:6.0.2
  • cpe:2.3:a:adobe:acrobat:6.0.3
  • cpe:2.3:a:adobe:acrobat:6.0.4
  • Adobe Acrobat 6.0.5
    cpe:2.3:a:adobe:acrobat:6.0.5
  • cpe:2.3:a:adobe:acrobat:7.0
  • Adobe Acrobat 7.0.1
    cpe:2.3:a:adobe:acrobat:7.0.1
  • cpe:2.3:a:adobe:acrobat:7.0.2
  • Adobe Acrobat 7.0.3
    cpe:2.3:a:adobe:acrobat:7.0.3
  • Adobe Acrobat 7.0.4
    cpe:2.3:a:adobe:acrobat:7.0.4
  • Adobe Acrobat 7.0.5
    cpe:2.3:a:adobe:acrobat:7.0.5
  • cpe:2.3:a:adobe:acrobat:7.0.6
  • Adobe Acrobat 7.0.7
    cpe:2.3:a:adobe:acrobat:7.0.7
  • Adobe Acrobat 7.0.8
    cpe:2.3:a:adobe:acrobat:7.0.8
  • Adobe Acrobat Reader 3.0
    cpe:2.3:a:adobe:acrobat_reader:3.0
  • cpe:2.3:a:adobe:acrobat_reader:4.0
  • Adobe Acrobat Reader 4.0.5
    cpe:2.3:a:adobe:acrobat_reader:4.0.5
  • Adobe Acrobat Reader 4.0.5 a
    cpe:2.3:a:adobe:acrobat_reader:4.0.5a
  • cpe:2.3:a:adobe:acrobat_reader:4.0.5c
  • Adobe Acrobat Reader 4.5
    cpe:2.3:a:adobe:acrobat_reader:4.5
  • cpe:2.3:a:adobe:acrobat_reader:5.0
  • Adobe Acrobat Reader 5.0.5
    cpe:2.3:a:adobe:acrobat_reader:5.0.5
  • Adobe Acrobat Reader 5.0.6
    cpe:2.3:a:adobe:acrobat_reader:5.0.6
  • Adobe Acrobat Reader 5.0.7
    cpe:2.3:a:adobe:acrobat_reader:5.0.7
  • cpe:2.3:a:adobe:acrobat_reader:5.0.9
  • cpe:2.3:a:adobe:acrobat_reader:5.0.10
  • Adobe Acrobat Reader 5.0.11
    cpe:2.3:a:adobe:acrobat_reader:5.0.11
  • cpe:2.3:a:adobe:acrobat_reader:5.1
  • cpe:2.3:a:adobe:acrobat_reader:6.0
  • cpe:2.3:a:adobe:acrobat_reader:6.0.1
  • cpe:2.3:a:adobe:acrobat_reader:6.0.2
  • cpe:2.3:a:adobe:acrobat_reader:6.0.3
  • cpe:2.3:a:adobe:acrobat_reader:6.0.4
  • cpe:2.3:a:adobe:acrobat_reader:6.0.5
  • Adobe Acrobat Reader 7.0
    cpe:2.3:a:adobe:acrobat_reader:7.0
  • cpe:2.3:a:adobe:acrobat_reader:7.0.1
  • Adobe Acrobat Reader 7.0.2
    cpe:2.3:a:adobe:acrobat_reader:7.0.2
  • cpe:2.3:a:adobe:acrobat_reader:7.0.3
  • Adobe Acrobat Reader 7.0.4
    cpe:2.3:a:adobe:acrobat_reader:7.0.4
  • cpe:2.3:a:adobe:acrobat_reader:7.0.5
  • cpe:2.3:a:adobe:acrobat_reader:7.0.6
  • cpe:2.3:a:adobe:acrobat_reader:7.0.7
  • cpe:2.3:a:adobe:acrobat_reader:7.0.8
CVSS
Base: 9.3 (as of 10-01-2007 - 10:00)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200701-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200701-16 (Adobe Acrobat Reader: Multiple vulnerabilities) Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code execution via heap corruption when loading a specially crafted PDF file. The browser plugin released with Adobe Acrobat Reader (nppdf.so) does not properly handle URLs, and crashes if given a URL that is too long. The plugin does not correctly handle JavaScript, and executes JavaScript that is given as a GET variable to the URL of a PDF file. Lastly, the plugin does not properly handle the FDF, xml, xfdf AJAX request parameters following the # character in a URL, allowing for multiple cross-site scripting vulnerabilities. Impact : An attacker could entice a user to open a specially crafted PDF file and execute arbitrary code with the rights of the user running Adobe Acrobat Reader. An attacker could also entice a user to browse to a specially crafted URL and either crash the Adobe Acrobat Reader browser plugin, execute arbitrary JavaScript in the context of the user's browser, or inject arbitrary HTML or JavaScript into the document being viewed by the user. Note that users who have emerged Adobe Acrobat Reader with the 'nsplugin' USE flag disabled are not vulnerable to issues with the Adobe Acrobat Reader browser plugin. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 24252
    published 2007-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24252
    title GLSA-200701-16 : Adobe Acrobat Reader: Multiple vulnerabilities
  • NASL family Windows
    NASL id ADOBE_READER_709.NASL
    description The version of Adobe Reader installed on the remote host is earlier than 7.0.9 / 8.0 and is, therefore, reportedly affected by several security issues, including one that can lead to arbitrary code execution when processing a malicious PDF file.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 24002
    published 2007-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24002
    title Adobe Reader < 6.0.6 / 7.0.9 Multiple Vulnerabilities
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_121104.NASL
    description SunOS 5.10: Adobe Acrobat Reader patch. Date this patch was last updated by Sun : Nov/27/09 This plugin has been deprecated and either replaced with individual 121104 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 22967
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22967
    title Solaris 10 (sparc) : 121104-11 (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ACROREAD-2506.NASL
    description The Adobe Acrobat Reader has been updated to version 7.0.9. This update also includes following security fixes : CVE-2006-5857: A memory corruption problem was fixed in Adobe Acrobat Reader can potentially lead to code execution. CVE-2007-0044: Universal Cross Site Request Forgery (CSRF) problems were fixed in the Acrobat Reader plugin which could be exploited by remote attackers to conduct CSRF attacks using any site that is providing PDFs. CVE-2007-0045: Cross site scripting problems in the Acrobat Reader plugin were fixed, which could be exploited by remote attackers to conduct XSS attacks against any site that is providing PDFs. CVE-2007-0046: A double free problem in the Acrobat Reader plugin was fixed which could be used by remote attackers to potentially execute arbitrary code. Note that all platforms using Adobe Reader currently have counter measures against such attack where it will just cause a controlled abort(). CVE-2007-0047 and CVE-2007-0048 affect only Microsoft Windows and Internet Explorer.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27144
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27144
    title openSUSE 10 Security Update : acroread (acroread-2506)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0021.NASL
    description Updated acroread packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 23 Jan 2007] The previous acroread packages were missing dependencies on the new libraries which could prevent acroread from starting. Replacement acroread packages have been added to this erratum to correct this issue. The Adobe Reader allows users to view and print documents in portable document format (PDF). A cross site scripting flaw was found in the way the Adobe Reader Plugin processes certain malformed URLs. A malicious web page could inject arbitrary javascript into the browser session which could possibly lead to a cross site scripting attack. (CVE-2007-0045) Two arbitrary code execution flaws were found in the way Adobe Reader processes malformed document files. It may be possible to execute arbitrary code on a victim's machine if the victim opens a malicious PDF file. (CVE-2006-5857, CVE-2007-0046) Please note that Adobe Reader 7.0.9 requires versions of several system libraries that were not shipped with Red Hat Enterprise Linux 3. This update contains additional packages that provide the required system library versions for Adobe Reader. These additional packages are only required by Adobe Reader and do not replace or affect any other aspects of a Red Hat Enterprise Linux 3 system. All users of Adobe Reader are advised to upgrade to these updated packages, which contain Adobe Reader version 7.0.9 and additional libraries to correct these issues.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 63836
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63836
    title RHEL 3 : Adobe Acrobat Reader (RHSA-2007:0021)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_121104-11.NASL
    description SunOS 5.10: Adobe Acrobat Reader patch. Date this patch was last updated by Sun : Nov/27/09
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107373
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107373
    title Solaris 10 (sparc) : 121104-11
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ACROREAD-2508.NASL
    description The Adobe Acrobat Reader has been updated to version 7.0.9. This update also includes following security fixes : - A memory corruption problem was fixed in Adobe Acrobat Reader can potentially lead to code execution. (CVE-2006-5857) - Universal cross-site request forgery (CSRF) problems were fixed in the Acrobat Reader plugin which could be exploited by remote attackers to conduct CSRF attacks using any site that is providing PDFs. (CVE-2007-0044) - Cross-site scripting problems in the Acrobat Reader plugin were fixed, which could be exploited by remote attackers to conduct XSS attacks against any site that is providing PDFs. (CVE-2007-0045) - A double free problem in the Acrobat Reader plugin was fixed which could be used by remote attackers to potentially execute arbitrary code. Note that all platforms using Adobe Reader currently have counter measures against such attack where it will just cause a controlled abort(). (CVE-2007-0046)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 29370
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29370
    title SuSE 10 Security Update : acroread (ZYPP Patch Number 2508)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0017.NASL
    description Updated acroread packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Adobe Acrobat Reader allows users to view and print documents in portable document format (PDF). A cross site scripting flaw was found in the way the Adobe Reader Plugin processes certain malformed URLs. A malicious web page could inject arbitrary javascript into the browser session which could possibly lead to a cross site scripting attack. (CVE-2007-0045) Two arbitrary code execution flaws were found in the way Adobe Reader processes malformed document files. It may be possible to execute arbitrary code on a victim's machine if the victim opens a malicious PDF file. (CVE-2006-5857, CVE-2007-0046) All users of Acrobat Reader are advised to upgrade to these updated packages, which contain Acrobat Reader version 7.0.9 and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 63835
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63835
    title RHEL 4 : Adobe Acrobat Reader (RHSA-2007:0017)
  • NASL family Windows
    NASL id ADOBE_ACROBAT_709.NASL
    description The version of Adobe Acrobat installed on the remote host is earlier than 6.0.6 / 7.0.9 / 8.0 and thus reportedly is affected by several security issues, including one that can lead to arbitrary code execution when processing a malicious PDF file.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 40798
    published 2009-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40798
    title Adobe Acrobat < 6.0.6 / 7.0.9 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ACROREAD_JA-2545.NASL
    description The Adobe Acrobat Reader (Japanese version) has been updated to version 7.0.9. This update also includes following security fixes : - A memory corruption problem was fixed in Adobe Acrobat Reader can potentially lead to code execution. (CVE-2006-5857) - Universal cross-site request forgery (CSRF) problems were fixed in the Acrobat Reader plugin which could be exploited by remote attackers to conduct CSRF attacks using any site that is providing PDFs. (CVE-2007-0044) - Cross-site scripting problems in the Acrobat Reader plugin were fixed, which could be exploited by remote attackers to conduct XSS attacks against any site that is providing PDFs. (CVE-2007-0045) - A double free problem in the Acrobat Reader plugin was fixed which could be used by remote attackers to potentially execute arbitrary code. Note that all platforms using Adobe Reader currently have counter measures against such attack where it will just cause a controlled abort(). (CVE-2007-0046)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 29371
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29371
    title SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 2545)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11433.NASL
    description The Adobe Acrobat Reader has been updated to version 7.0.9. For SUSE Linux Enterprise Server 9 this version now includes its own GLIB2, ATK, PANGO and GTK2 libraries, since Acroread 7.0.x requires a minimum level of GTK2 2.4. This update also includes following security fixes : - A memory corruption problem was fixed in Adobe Acrobat Reader can potentially lead to code execution. (CVE-2006-5857) - Universal cross-site request forgery (CSRF) problems were fixed in the Acrobat Reader plugin which could be exploited by remote attackers to conduct CSRF attacks using any site that is providing PDFs. (CVE-2007-0044) - Cross-site scripting problems in the Acrobat Reader plugin were fixed, which could be exploited by remote attackers to conduct XSS attacks against any site that is providing PDFs. (CVE-2007-0045) - A double free problem in the Acrobat Reader plugin was fixed which could be used by remote attackers to potentially execute arbitrary code. Note that all platforms using Adobe Reader currently have counter measures against such attack where it will just cause a controlled abort(). (CVE-2007-0046) - CVE-2007-0047 and CVE-2007-0048 affect only Microsoft Windows and Internet Explorer.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41117
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41117
    title SuSE9 Security Update : acroread (YOU Patch Number 11433)
oval via4
accepted 2010-09-06T04:11:10.652-04:00
class vulnerability
contributors
name Aharon Chernin
organization SCAP.com, LLC
description Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.
family unix
id oval:org.mitre.oval:def:11698
status accepted
submitted 2010-07-09T03:56:16-04:00
title Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.
version 6
redhat via4
advisories
  • rhsa
    id RHSA-2007:0017
  • rhsa
    id RHSA-2007:0021
refmap via4
bid 21981
bugtraq 20070110 Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite
cert-vn VU#698924
confirm http://www.adobe.com/support/security/bulletins/apsb07-01.html
fulldisc 20070109 Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite
gentoo GLSA-200701-16
misc http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt
osvdb 31316
sectrack 1017491
secunia
  • 23666
  • 23691
  • 23812
  • 23877
  • 23882
  • 24533
sunalert 102847
suse SUSE-SA:2007:011
vupen
  • ADV-2007-0115
  • ADV-2007-0957
Last major update 07-03-2011 - 00:00
Published 31-12-2006 - 00:00
Last modified 17-10-2018 - 17:45
Back to Top