GLSA-200701-16 : Adobe Acrobat Reader: Multiple vulnerabilities
High Nessus Plugin ID 24252
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200701-16 (Adobe Acrobat Reader: Multiple vulnerabilities)
Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code execution via heap corruption when loading a specially crafted PDF file.
The browser plugin released with Adobe Acrobat Reader (nppdf.so) does not properly handle URLs, and crashes if given a URL that is too long.
Lastly, the plugin does not properly handle the FDF, xml, xfdf AJAX request parameters following the # character in a URL, allowing for multiple cross-site scripting vulnerabilities.
There is no known workaround at this time.
SolutionAll Adobe Acrobat Reader users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-text/acroread-7.0.9'