Vulnerability Description
Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Document Server | 6.0 |
References
- http://secunia.com/advisories/15924Vendor Advisory
- http://secunia.com/secunia_research/2005-68/advisory/Vendor Advisory
- http://www.adobe.com/support/techdocs/322699.htmlVendor Advisory
- http://www.osvdb.org/24588
- http://www.securityfocus.com/archive/1/430869/100/0/threaded
- http://www.securityfocus.com/bid/17500
- http://www.vupen.com/english/advisories/2006/1342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25770
- http://secunia.com/advisories/15924Vendor Advisory
- http://secunia.com/secunia_research/2005-68/advisory/Vendor Advisory
- http://www.adobe.com/support/techdocs/322699.htmlVendor Advisory
- http://www.osvdb.org/24588
- http://www.securityfocus.com/archive/1/430869/100/0/threaded
- http://www.securityfocus.com/bid/17500
- http://www.vupen.com/english/advisories/2006/1342
FAQ
What is CVE-2006-1785?
CVE-2006-1785 is a vulnerability with a CVSS score of 2.1 (LOW). Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download...
How severe is CVE-2006-1785?
CVE-2006-1785 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1785?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Document Server.