Vulnerability Description
Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Acrobat Reader | <= 6.0 |
References
- http://secunia.com/advisories/15924Vendor Advisory
- http://secunia.com/secunia_research/2005-68/advisory/Vendor Advisory
- http://securitytracker.com/id?1015905
- http://www.adobe.com/support/techdocs/322699.html
- http://www.securityfocus.com/archive/1/430869/100/0/threaded
- http://www.securityfocus.com/bid/17500
- http://www.vupen.com/english/advisories/2006/1342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25769
- http://secunia.com/advisories/15924Vendor Advisory
- http://secunia.com/secunia_research/2005-68/advisory/Vendor Advisory
- http://securitytracker.com/id?1015905
- http://www.adobe.com/support/techdocs/322699.html
- http://www.securityfocus.com/archive/1/430869/100/0/threaded
- http://www.securityfocus.com/bid/17500
- http://www.vupen.com/english/advisories/2006/1342
FAQ
What is CVE-2006-1627?
CVE-2006-1627 is a vulnerability with a CVSS score of 7.5 (HIGH). Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) page...
How severe is CVE-2006-1627?
CVE-2006-1627 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1627?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat Reader.