ID CVE-2006-1182
Summary Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent or (2) saveOptimized ADS commands, or the (3) loadContent command.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:document_server:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:document_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:document_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:document_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:graphics_server:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:graphics_server:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:graphics_server:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:graphics_server:2.1:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 18-10-2018 - 16:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:L/AC:H/Au:N/C:P/I:P/A:N
refmap via4
bid 17113
bugtraq 20060315 Secunia Research: Adobe Document/Graphics Server File URI ResourceAccess
confirm http://www.adobe.com/support/techdocs/332989.html
osvdb 23924
sectrack
  • 1015768
  • 1015769
secunia 19229
sreason 588
vupen ADV-2006-0956
xf adobe-unauth-command-access(25247)
Last major update 18-10-2018 - 16:31
Published 16-03-2006 - 01:02
Last modified 18-10-2018 - 16:31
Back to Top