Summary
This host is installed with Adobe Reader and is prone to code execution vulnerability.
Impact
Successful exploitation will allow attacker to launch a symlink attack and execute code on the system.
Impact Level: System/Application
Solution
Update to Adobe Reader version 5.0.6 or later. For Updates refer http://www.adobe.com
Insight
The flaw is due to the application creating 'AdobeFnt.lst' file with insecure permissions.
Affected
Adobe Reader version 4.0.5 and 5.0.5 on Linux.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2001-1069 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
- Adobe Air Multiple Vulnerabilities - December12 (Windows)
- Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)
- Adobe Air Multiple Vulnerabilities - November12 (Windows)
- Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability