Vulnerability Name:

CVE-2006-6027 (CCN-30574)

Assigned:2006-11-21
Published:2006-11-21
Updated:2018-10-17
Summary:Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-6027

Source: MITRE
Type: CNA
CVE-2006-6236

Source: MISC
Type: Exploit
http://downloads.securityfocus.com/vulnerabilities/exploits/21155-AcroPDF_DoS.html

Source: MISC
Type: UNKNOWN
http://research.eeye.com/html/alerts/zeroday/20061128.html

Source: CCN
Type: SA23138
Adobe Reader / Acrobat AcroPDF ActiveX Control Bugs

Source: SECUNIA
Type: UNKNOWN
23138

Source: CCN
Type: SECTRACK ID: 1017297
Adobe Acrobat Buffer Overflow in `AcroPDF.dll` ActiveX May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1017297

Source: CCN
Type: Adobe Product Security Advisory APSA06-02
Potential vulnerabilities in Adobe Reader and Acrobat

Source: CONFIRM
Type: UNKNOWN
http://www.adobe.com/support/security/advisories/apsa06-02.html

Source: CCN
Type: Adobe Product Security Bulletin APSB06-20
Update available for potential vulnerabilities in Adobe Reader and Adobe Acrobat 7

Source: CCN
Type: US-CERT VU#198908
Adobe Acrobat AcroPDF ActiveX control fails to properly handle malformed input

Source: CERT-VN
Type: US Government Resource
VU#198908

Source: CCN
Type: OSVDB ID: 31057
Adobe Reader AcroPDF ActiveX Control LoadFile Method Arbitrary Code Execution

Source: CCN
Type: OSVDB ID: 31058
Adobe Reader AcroPDF ActiveX Control Multiple Method Arbitrary Code Execution

Source: BUGTRAQ
Type: UNKNOWN
20061205 eEye's Zero-Day Tracker Launch

Source: BID
Type: Exploit
21155

Source: CCN
Type: BID-21155
Adobe Acrobat Multiple Vulnerabilities

Source: CCN
Type: BID-21338
Adobe Reader and Acrobat AcroPDF.dll ActiveX Control Remote Code Execution Vulnerabilities

Source: CCN
Type: BID-21813
Adobe Reader AcroPDF.DLL ActiveX Control Remote Denial of Service Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-4751

Source: XF
Type: UNKNOWN
adobe-acrobat-acropdf-code-execution(30574)

Source: XF
Type: UNKNOWN
adobe-acrobat-acropdf-code-execution(30574)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    adobe acrobat reader 7.0
    adobe acrobat reader 7.0.1
    adobe acrobat reader 7.0.2
    adobe acrobat reader 7.0.3
    adobe acrobat reader 7.0.4
    adobe acrobat reader 7.0.5
    adobe acrobat reader 7.0.6
    adobe acrobat reader 7.0.7
    adobe acrobat reader 7.0.8
    adobe acrobat reader 7.0
    adobe acrobat reader 7.0.1
    adobe acrobat 7.0
    adobe acrobat 7.0.1
    adobe acrobat reader 7.0.2
    adobe acrobat reader 7.0.3
    adobe acrobat reader 7.0.4
    adobe acrobat reader 7.0.5
    adobe acrobat reader 7.0.6
    adobe acrobat reader 7.0.7
    adobe acrobat reader 7.0.8
    adobe acrobat 7.0.2
    adobe acrobat 7.0.3
    adobe acrobat 7.0.4
    adobe acrobat 7.0.5
    adobe acrobat 7.0.6
    adobe acrobat 7.0.7
    adobe acrobat 7.0.8