CVE-2006-1785

Currently unrated

Key Information:

Vendor: Adobe
Status: Document Server
Vendor: CVE Published:; 13 April 2006

Summary

Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.

References

http://www.securityfocus.com/archive/1/430869/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.osvdb.org/24588

vdb-entryx_refsource_OSVDB

http://www.adobe.com/support/techdocs/322699.html

x_refsource_MISC

Timeline

Vulnerability published
Apr 13, 2006
Vulnerability Reserved
Apr 13, 2006