CVE-2006-1785

Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:S/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/15924	Vendor Advisory
http://secunia.com/secunia_research/2005-68/advisory/	Vendor Advisory
http://www.adobe.com/support/techdocs/322699.html	Vendor Advisory
http://www.osvdb.org/24588
http://www.securityfocus.com/archive/1/430869/100/0/threaded
http://www.securityfocus.com/bid/17500
http://www.vupen.com/english/advisories/2006/1342
https://exchange.xforce.ibmcloud.com/vulnerabilities/25770

Configurations

Configuration 1 (hide)

cpe:2.3:a:adobe:document_server:6.0:*:reader_extensions:*:*:*:*:*

History

No history.

Information

Published : 2006-04-13 22:02

Updated : 2024-02-28 10:42

NVD link : CVE-2006-1785

Mitre link : CVE-2006-1785

CVE.ORG link : CVE-2006-1785

JSON object : View

Products Affected

adobe

document_server

CWE

NVD-CWE-Other

{"id": "CVE-2006-1785", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-04-13T22:02:00.000", "references": [{"url": "http://secunia.com/advisories/15924", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/secunia_research/2005-68/advisory/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.adobe.com/support/techdocs/322699.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24588", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/430869/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17500", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1342", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25770", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the \"Update Download Site\" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries."}], "lastModified": "2018-10-18T16:36:20.723", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:document_server:6.0:*:reader_extensions:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A18104E-CEF4-4212-8FB3-5F18A67905D6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}