Intrusion Prevention

Adobe.Reader.SVG.Polyglots.CSRF

Description

This indicates an attack attempt against a Cross Site Request Forgery vulnerability in Adobe Acrobat Reader.
The vulnerability is due to insufficient sanitizing of user supplied inputs when handling a crafted HTTP packet. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and gain unauthorized access to the sensitive information.

Affected Products

Acrobat XI 11.0.11 and earlier versions Windows and Macintosh
Acrobat X 10.1.14 and earlier versions Windows and Macintosh
Reader XI 11.0.11 and earlier versions Windows and Macintosh
Reader X 10.1.14 and earlier versions Windows and Macintosh

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems

Recommended Actions

Upgrade to the latest version available from the website.
https://helpx.adobe.com/security/products/reader/apsb15-15.html

CVE References

CVE-2015-5092

Other References

APSB15-15