PT-2006-2776 · Adobe · Adobe Document Server For Reader Extensions
Published: 2006-04-13 · Updated: 2018-10-18
CVE-2006-1785
CVSS v2.0: 2.1 (Low)
Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Adobe Document Server for Reader Extensions version 6.0
Description
The issue allows remote authenticated users with administrative privileges to inject arbitrary web script via a leading ftp or http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. Because exploitation requires administrative privileges, it is unclear whether this issue crosses security boundaries.
Recommendations
For Adobe Document Server for Reader Extensions version 6.0, consider restricting access to the "Update Download Site" section to prevent exploitation, and avoid using the ReaderURL variable with untrusted input until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected products
Adobe Document Server For Reader Extensions