HOME > VULNERABILITY


   VULNERABILITY

 

CERT-In Vulnerability Note CIVN-2010-131
Adobe Reader and Acrobat Cross Site Scripting Vulnerability

Original Issue Date: April 29, 2010

Severity Rating:Medium

System Affected

  • Adobe Reader 9.3.1 and earlier 9.x versions for Windows, Macintosh and UNIX
  • Adobe Reader version 8.2.1 and prior versions
  • Adobe Acrobat 9.3.1 and earlier 9.x versions for Windows and Macintosh
  • Adobe Acrobat version 8.2.1 and prior versions

Overview

A Vulnerability has been reported in Adobe Reader and Acrobat, which could allow remote attackers to conduct cross- site scripting attacks.

Description

This vulnerability is caused due to an unspecified error in Adobe Acrobat and Reader. A remote attacker could exploit this vulnerability via unspecified vectors to conduct cross-site scripting attacks.

Solution

Upgrade to Adobe Acrobat and Reader version 9.3.2 or 8.2.2 :
http://www.adobe.com/support/security/bulletins/apsb10-09.html

Vendor Information

Adobe
http://www.adobe.com/support/security/bulletins/apsb10-09.html

References

Adobe
http://www.adobe.com/support/security/bulletins/apsb10-09.html

SecurityFocus
http://www.securityfocus.com/bid/39515
http://www.securityfocus.com/bid/39329

US-CERT
http://www.us-cert.gov/cas/techalerts/TA10-103C.html

SecurityTracker
http://securitytracker.com/alerts/2010/Apr/1023852.html

VUPEN
http://www.vupen.com/english/advisories/2010/0873

CVE Name
CVE-2010-0190

CWE
CWE-79

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003