Description
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
Affected products
- Adobe / acrobat5.0.6 – 5.0.6
- mandrakesoft / mandrake_linux9.0 – 9.0
- mandrakesoft / mandrake_linux9.1 – 9.1
- mandrakesoft / mandrake_linux_corporate_server2.1 – 2.1
- RedHat / enterprise_linux2.1 – 2.1
- RedHat / enterprise_linux2.1 – 2.1
- RedHat / enterprise_linux2.1 – 2.1
- RedHat / linux7.3 – 7.3
- RedHat / linux7.1 – 7.1
- RedHat / linux7.2 – 7.2
- RedHat / linux8.0 – 8.0
- RedHat / linux9.0 – 9.0
- RedHat / linux_advanced_workstation2.1 – 2.1
- Xpdf / Xpdf1.1 – 1.1
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/9038
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2003:071
- MISChttp://www.kb.cert.org/vuls/id/200132
- MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html
- MISChttp://www.redhat.com/support/errata/RHSA-2003-196.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/9037
- MISChttp://www.redhat.com/support/errata/RHSA-2003-197.html
- MAILING_LISThttp://marc.info/?l=bugtraq&m=105777963019186&w=2
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664