CVE-2006-1627
7.5
CVSS SCORE
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Description
Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Affected Software Configurations
- a adobe acrobat_reader * * reader_extensions * * * * *
Weaknesses (CWE)
- NVD-CWE-Other
References & External Links
- http://secunia.com/advisories/15924
- http://secunia.com/secunia_research/2005-68/advisory/
- http://securitytracker.com/id?1015905
- http://www.adobe.com/support/techdocs/322699.html
- http://www.securityfocus.com/archive/1/430869/100/0/threaded
- http://www.securityfocus.com/bid/17500
- http://www.vupen.com/english/advisories/2006/1342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25769
- http://secunia.com/advisories/15924
- http://secunia.com/secunia_research/2005-68/advisory/
- http://securitytracker.com/id?1015905
- http://www.adobe.com/support/techdocs/322699.html
- http://www.securityfocus.com/archive/1/430869/100/0/threaded
- http://www.securityfocus.com/bid/17500
- http://www.vupen.com/english/advisories/2006/1342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25769