Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1627

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1627
Last Modified 07 Mar 2011 09:33:27
Published 13 Apr 2006 02:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1627

Summary

Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure.

Vulnerable Systems

Application

  • Adobe Acrobat Reader 6.0


References

VUPEN - ADV-2006-1342

CONFIRM - http://www.adobe.com/support/techdocs/322699.html

MISC - http://secunia.com/secunia_research/2005-68/advisory/

SECUNIA - 15924

XF - adobe-access-control-bypass(25769)

BID - 17500

BUGTRAQ - 20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities

SECTRACK - 1015905


Last Updated: 27 May 2016 10:42:09