Family: Red Hat Local Security Checks --> Category: infos
RHSA-2003-197: xpdf Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the xpdf packages
Detailed Explanation for this Vulnerability Test
Updated Xpdf packages are available that fix a vulnerability where a
malicious PDF document could run arbitrary code.
[Updated 21 July 2003]
Updated packages are now available, as the original errata packages did not
fix all possible ways of exploiting this vulnerability.
Xpdf is an X Window System based viewer for Portable Document Format
Martyn Gilmore discovered a flaw in various PDF viewers and readers. An
attacker can embed malicious external-type hyperlinks that, if activated or
followed by a victim, can execute arbitrary shell commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0434 to this issue.
All users of Xpdf are advised to upgrade to these errata packages, which
contain a patch correcting this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2003-197.html
Threat Level: High