Note: This is an archival copy of Security Sun Alert 201065 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000788.1.
Article ID : 1000788.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-04-29
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Multiple Security Vulnerabilities in Adobe Reader May Lead to Execution of Arbitrary Code


Release Phase

Solaris 10 Operating System

Bug Id

Date of Workaround Release

Date of Resolved Release


Multiple security vulnerabilities in Adobe Reader may allow remote unprivileged users to execute arbitrary code. These include a cross-site scripting (XSS) vulnerability that may allow a remote unprivileged user to inject arbitrary JavaScript into a browser session.

Note: Adobe Reader is the free viewing companion to Adobe Acrobat. Adobe Reader allows you to view, navigate, and print Portable Document Format (PDF) files.

These issues have been described in the following documents:

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 without patch 121104-02

Note 1: Solaris 8 and Solaris 9 are not affected by this issue. The Solaris 10 x86 platform is also not affected.

Note 2: All versions of Adobe Reader and Acrobat up to and including version 7.0.8 are affected by these issues. Solaris 10 ships Acrobat Reader 7.0.

To determine the version of Adobe Reader installed on the system, run the following command:

    $ /usr/bin/acroread -version



There are no predictable symptoms that would indicate the described issues have been exploited.


To work around the described issues, do not load PDF files from untrusted sources.

To work around the cross-site scripting vulnerability, disable JavaScript in the browser application. This can be done in Mozilla as follows:

  1. Open the Preferences dialog from the Edit menu
  2. Select the Advanced tree
  3. Select the Scripts & Plug-ins leaf
  4. Uncheck the Navigator check box
  5. Click the OK button


This issue is addressed in the following release:

SPARC Platform

  • Solaris 10 with patch 121104-02 or later
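The patch-level condition above can be checked from the output of `showrev -p`. The script below is an added example and not part of the original advisory; it assumes a POSIX shell, and the function names, result labels and sample patch lines (including the package names) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory. Assumes a POSIX shell
# (on Solaris 10: /usr/xpg4/bin/sh or ksh, not the legacy /bin/sh).
PATCH_ID=121104   # patch named in the advisory
MIN_REV=2         # advisory: resolved at revision -02 or later

# Constructed `showrev -p` lines; the package names are placeholders.
sample_showrev() {
    cat <<'EOF'
Patch: 118833-36 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkga
Patch: 121104-01 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkgb
EOF
}

# Read `showrev -p` text on stdin; print the highest installed revision
# of PATCH_ID (as written, e.g. 01), or 0 when the patch is absent.
highest_rev() {
    best=0
    while read -r tag patch _rest; do
        [ "$tag" = "Patch:" ] || continue
        case $patch in "$PATCH_ID"-*) ;; *) continue ;; esac
        rev=${patch##*-}
        case $rev in ''|*[!0-9]*) continue ;; esac   # skip malformed revisions
        if [ "$rev" -gt "$best" ]; then best=$rev; fi
    done
    echo "$best"
}

# Args: processor type (uname -p), OS release (uname -r); stdin: showrev -p.
# Prints not-listed, patched, or needs-patch.
classify_host() {
    # The advisory lists only Solaris 10 (SunOS 5.10) on SPARC as affected.
    if [ "$1" != "sparc" ] || [ "$2" != "5.10" ]; then
        echo "not-listed"
        return 0
    fi
    if [ "$(highest_rev)" -ge "$MIN_REV" ]; then
        echo "patched"
    else
        echo "needs-patch"
    fi
}

# Demo on the constructed data. On a live host the call would be:
#   showrev -p | classify_host "$(uname -p)" "$(uname -r)"
sample_showrev | classify_host sparc 5.10
```

A `needs-patch` result only reflects the patch level; whether Adobe Reader is actually installed is confirmed separately with the `acroread -version` command shown earlier.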

Modification History
Date: 30-APR-2007
  • State: Resolved
  • Updated Contributing Factors and Resolution sections


