Local File Reading and Code Execution in Adobe Graphics and Document Server
CVE-2006-1182

Currently unrated

Key Information:

Vendor: Adobe
Status: Graphics Server; Document Server
Vendor: CVE Published:; 16 March 2006

Summary

An issue has been identified in Adobe Graphics Server and Adobe Document Server that allows local users to exploit specific SOAP commands. By crafting a tailored SOAP request using the 'saveContent', 'saveOptimized', or 'loadContent' commands, attackers can gain unauthorized access to read sensitive files or overwrite files on the server. This vulnerability highlights significant risks inherent to the handling of SOAP requests in these products, necessitating immediate attention and security measures.

References

http://securitytracker.com/id?1015769

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2006/0956

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/25247

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Mar 16, 2006
Vulnerability Reserved
Mar 12, 2006