Adobe Acrobat Flaw Lets Remote Users Issue Cross-Domain Requests
|
|
SecurityTracker Alert ID: 1023586 |
|
SecurityTracker URL: http://securitytracker.com/id/1023586
|
|
CVE Reference:
CVE-2010-0186
(Links to External Site)
|
Updated: Feb 16 2010
|
Original Entry Date: Feb 12 2010
|
Impact:
User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 9.3 and prior versions
|
Description:
A vulnerability was reported in Adobe Acrobat and Adobe Reader. A remote user can conduct cross-domain request attacks.
A remote user can create specially crafted content that, when loaded by a target user, will bypass the domain sandbox controls and issue requests to other domains.
Michael Yong Park reported this vulnerability.
|
Impact:
A remote user can conduct cross-domain request attacks.
|
Solution:
The vendor has issued a fix (8.2.1, 9.3.1).
The vendor's advisory is available at:
http://www.adobe.com/support/security/bulletins/apsb10-07.html
|
Vendor URL: www.adobe.com/support/security/bulletins/apsb10-07.html (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (OS X), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 12 Feb 2010 00:41:21 +0000
Subject: Adobe Reader / Adobe Acrobat
|
http://www.adobe.com/support/security/bulletins/apsb10-07.html
APSB10-07
CVE-2010-0186, CVE-2010-0187
|
|
