BID:39515

Adobe Acrobat and Reader CVE-2010-0190 Cross Site Scripting Vulnerability

Info

Adobe Acrobat and Reader CVE-2010-0190 Cross Site Scripting Vulnerability

Bugtraq ID:	39515
Class:	Input Validation Error
CVE:	CVE-2010-0190
Remote:	Yes
Local:	No
Published:	Apr 13 2010 12:00AM
Updated:	Sep 07 2010 09:12PM
Credit:	Billy Rios and Microsoft Vulnerability Research (MSVR)
Vulnerable:	SuSE Suse Linux Enterprise Desktop 11 SuSE Suse Linux Enterprise Desktop 10 SP3 SuSE Suse Linux Enterprise Desktop 10 SP2 S.u.S.E. openSUSE 11.2 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 Redhat Enterprise Linux WS Extras 4 Redhat Enterprise Linux Supplementary 5 server Redhat Enterprise Linux Extras 4 Redhat Enterprise Linux ES Extras 4 Redhat Enterprise Linux Desktop Supplementary 5 client Redhat Enterprise Linux AS Extras 4 Redhat Desktop Extras 4 Gentoo Linux Adobe Reader 9.3.1 Adobe Reader 9.1.3 Adobe Reader 9.1.2 Adobe Reader 9.1.1 Adobe Reader 8.2.1 Adobe Reader 8.1.7 Adobe Reader 8.1.6 Adobe Reader 8.1.5 Adobe Reader 8.1.4 Adobe Reader 8.1.3 Adobe Reader 8.1.2 Adobe Reader 8.1.1 Adobe Reader 9.3 Adobe Reader 9.2 Adobe Reader 9.1 Adobe Reader 9.0 Adobe Reader 8.2 Adobe Reader 8.1.2 Security Updat Adobe Reader 8.1 Adobe Reader 8.0 Adobe Acrobat Standard 9.3.1 Adobe Acrobat Standard 9.1.3 Adobe Acrobat Standard 9.1.2 Adobe Acrobat Standard 8.2.1 Adobe Acrobat Standard 8.1.7 Adobe Acrobat Standard 8.1.6 Adobe Acrobat Standard 8.1.4 Adobe Acrobat Standard 8.1.3 Adobe Acrobat Standard 8.1.2 Adobe Acrobat Standard 8.1.1 Adobe Acrobat Standard 9.3 Adobe Acrobat Standard 9.2 Adobe Acrobat Standard 9.1 Adobe Acrobat Standard 9 Adobe Acrobat Standard 8.2 Adobe Acrobat Standard 8.1 Adobe Acrobat Standard 8.0 Adobe Acrobat Professional 9.3.1 Adobe Acrobat Professional 8.2.1 Adobe Acrobat Professional 8.1.7 Adobe Acrobat Professional 8.1.6 Adobe Acrobat Professional 8.1.4 Adobe Acrobat Professional 8.1.3 Adobe Acrobat Professional 8.1.2 Adobe Acrobat Professional 8.1.1 Adobe Acrobat Professional 9.3 Adobe Acrobat Professional 8.2 Adobe Acrobat Professional 8.1.2 Security Updat Adobe Acrobat Professional 8.1 Adobe Acrobat Professional 8.0 Adobe Acrobat 9.3.1 Adobe Acrobat 9.1.1 Adobe Acrobat 9.3 Adobe Acrobat 9.2

Not Vulnerable:	Adobe Reader 9.3.2 Adobe Reader 8.2.2 Adobe Acrobat Standard 9.3.2 Adobe Acrobat Standard 8.2.2 Adobe Acrobat Professional 9.3.2 Adobe Acrobat Professional 8.2.2 Adobe Acrobat 9.3.2 Adobe Acrobat 8.2.2

Discussion

Adobe Acrobat and Reader CVE-2010-0190 Cross Site Scripting Vulnerability

Adobe Acrobat and Reader are prone to an unspecified cross-site-scripting vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application; other attacks may also be possible.

The following products are affected:

Adobe Reader 9.3.1 and prior for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.1 and prior for Windows and Macintosh
Adobe Reader 8.2.1 and prior for Windows and Macintosh
Acrobat 8.2.1 and prior for Windows and Macintosh

Note: This vulnerability was previously documented in BID 39329 (Adobe Acrobat and Reader April 2010 Multiple Remote Vulnerabilities) but has been given its own record to better document the issue.

Exploit / POC

Adobe Acrobat and Reader CVE-2010-0190 Cross Site Scripting Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Adobe Acrobat and Reader CVE-2010-0190 Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references for more information.

S.u.S.E. openSUSE 11.0