Note: This is an archival copy of Security Sun Alert 201065 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000788.1.
Category: Security
Release Phase: Resolved
Solaris 10 Operating System
Bug Id: 6526702
Date of Workaround Release: 14-MAR-2007
Date of Resolved Release: 30-APR-2007

Impact

Multiple security vulnerabilities in the Adobe Reader may allow remote unprivileged users to execute arbitrary code. This includes a cross-site scripting (XSS) vulnerability that may allow a remote unprivileged user to inject arbitrary JavaScript into a browser session.

Note: Adobe Reader is the free viewing companion to Adobe Acrobat. Adobe Reader allows you to view, navigate, and print Portable Document Format (PDF) files.

These issues have been described in the following documents:

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

Note 1: Solaris 8 and Solaris 9 are not affected by this issue. Solaris 10 x86 platform is also not affected.

Note 2: All versions of Adobe Reader and Acrobat up to and including version 7.0.8 are affected by these issues. Solaris 10 ships Acrobat Reader 7.0.

To determine the version of Adobe Reader installed on the system, the following command can be run:

    $ /usr/bin/acroread -version
    7.0.1
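
The version check above can be scripted for use across several hosts. The following is an added example, not part of the original Sun Alert: it compares a reported version against the "up to and including 7.0.8" range from Note 2. The function names are hypothetical, and it assumes a POSIX shell (on Solaris 10, /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh).

```shell
# Added example (not from the Sun Alert). Needs a POSIX shell; the legacy
# Solaris 10 /bin/sh does not support the ${var%%pattern} expansions used here.

LAST_AFFECTED="7.0.8"   # "up to and including version 7.0.8" per the alert

# version_le A B: return 0 if dotted version A <= B, 1 if A > B.
# Fields compare numerically; missing fields count as 0 (7.0 == 7.0.0).
version_le() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
    done
    return 0
}

# reader_affected VERSION: 0 = in the affected range, 1 = above it,
# 2 = not a plain dotted version (empty, letters, stray dots).
reader_affected() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    version_le "$1" "$LAST_AFFECTED"
}

# Constructed sample version strings; 7.0.1 is the output shown in the alert.
for v in 7.0.1 7.0.8 7.0.9 7.0.10 8.1; do
    if reader_affected "$v"; then
        echo "$v: within the affected range (<= $LAST_AFFECTED)"
    else
        echo "$v: above the range this alert lists"
    fi
done

# On a real host, check the installed binary (path taken from the alert).
if [ -x /usr/bin/acroread ]; then
    installed=$(/usr/bin/acroread -version 2>/dev/null) || installed=
    if reader_affected "$installed"; then
        echo "installed Reader $installed is within the affected range"
    fi
fi
```

A plain string comparison would rank 7.0.10 below 7.0.8, which is why the fields are compared numerically.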

Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.

Workaround

To work around the described issues, do not load PDF files from untrusted sources. To work around the cross-site scripting vulnerability, disable JavaScript in the browser application. This can be done in Mozilla as follows:

Resolution

This issue is addressed in the following release:

SPARC Platform

Modification History

Date: 30-APR-2007

References

121104-02

Attachments

This solution has no attachment