Adobe Presenter Multiple Cross Site Scripting Vulnerabilities
BID:30615
Info
Adobe Presenter Multiple Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 30615 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3515 CVE-2008-3516 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 09 2008 12:00AM |
| Updated: | Aug 25 2008 05:45PM |
| Credit: | Adi Sharabani, Ayal Yogev, and Yuval Baror from IBM Rational Application Security and Tavis Ormandy of the Google Security Team |
| Vulnerable: |
Adobe Presenter 7 Adobe Presenter 6 |
| Not Vulnerable: |
Adobe Presenter 7.0.1 |
Discussion
Adobe Presenter Multiple Cross Site Scripting Vulnerabilities
Adobe Presenter is prone to multiple cross-site scripting vulnerabilities because sites generated with the vulnerable application fail to sufficiently sanitize user-supplied data.
An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
These issues affect Adobe Presenter 6 and 7.
Adobe Presenter is prone to multiple cross-site scripting vulnerabilities because sites generated with the vulnerable application fail to sufficiently sanitize user-supplied data.
An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
These issues affect Adobe Presenter 6 and 7.
Exploit / POC
Adobe Presenter Multiple Cross Site Scripting Vulnerabilities
To exploit these issues, an attacker must entice a victim into following a malicious URI.
To exploit these issues, an attacker must entice a victim into following a malicious URI.
Solution / Fix
Adobe Presenter Multiple Cross Site Scripting Vulnerabilities
Solution:
The vendor has released advisory APSB08-17 to address these issues. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
After installing updates, the vendor recommends regenerating and redeploying all applications created with previous versions.
Adobe Presenter 7
Solution:
The vendor has released advisory APSB08-17 to address these issues. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
After installing updates, the vendor recommends regenerating and redeploying all applications created with previous versions.
Adobe Presenter 7
-
Adobe adobe_presenter_patch_v701.exe
http://download.adobe.com/pub/adobe/presenter/win/adobe_presenter_patc h_v701.exe
References
Adobe Presenter Multiple Cross Site Scripting Vulnerabilities
References:
References: