CVE-2006-6236Uncontrolled Resource Consumption in Adobe Acrobat Reader

CWE-400Uncontrolled Resource Consumption5 documents3 sources
Severity
9.3CRITICALNVD
NVD5.0
EPSS
53.4%
top 2.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Adobe Acrobat ReaderMozilla FirefoxOpera Browser
Timeline
PublishedDec 3
Latest updateMay 1

Description

Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDadobe/acrobat_reader10 versions+9
NVDmozilla/firefox2.0.0.3

Patches

Patch: www.adobe.comPatch: www.securityfocus.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-jcvx-wgg4-cc84: AcroPDF2022-05-01
GHSA
GHSA-fgmp-qcpg-37v3: Adobe Reader (Adobe Acrobat Reader) 72022-05-01

📋Vendor Advisories

1
Red Hat
CVE-2006-6236: Adobe Reader (Adobe Acrobat Reader) 7
CVE-2006-6236 — Uncontrolled Resource Consumption | cvebase