Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1785


Vulnerability Score 2.1 2.1
CVE Id CVE-2006-1785
Last Modified 07 Mar 2011 09:34:06
Published 13 Apr 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE



Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.

Vulnerable Systems


  • Adobe Document Server 6.0


VUPEN - ADV-2006-1342



SECUNIA - 15924

XF - adobe-readerurl-xss(25770)

BID - 17500

BUGTRAQ - 20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities

OSVDB - 24588

Last Updated: 27 May 2016 10:42:10