Adobe Document Server for Reader Extensions contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'actionID' variable upon submission to the 'ads-readerext' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Upgrade to version 6.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015905
• Secunia Advisory ID: 15924
• Bugtraq ID: 17500
• CVE ID: 2006-1786 (see also: NVD)
• Related OSVDB ID: 24587 24588 24590 24591 24592
• ISS X-Force ID: 25770
• VUPEN Advisory: ADV-2006-1342 [ Link is 404 ]
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0256.html
• Other Advisory URL: http://secunia.com/secunia_research/2005-68/advisory/
• Vendor URL: http://www.adobe.com/products/server/readerextensions/main.html

• Tan Chew Keong - Secunia Research
• Carsten Eiram - Secunia Research