PT-2006-6865 · Adobe · Acropdf Activex+1
Published
2006-12-03
·
Updated
2018-10-17
·
CVE-2006-6236
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Adobe Reader versions 7.0 through 7.0.8
Description
The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the
src, setPageMode, setLayoutMode, and setNamedDest methods in an AcroPDF ActiveX control.Recommendations
For Adobe Reader versions 7.0 through 7.0.8, consider disabling the AcroPDF ActiveX control as a temporary workaround until a patch is available. Restrict access to the
src, setPageMode, setLayoutMode, and setNamedDest methods to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Acropdf Activex
Reader