Vulnerability CVE-2007-0044


Published: 2007-01-03   Modified: 2012-02-12

Description:
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

See advisories in our WLB2 database:
Topic
Author
Date
High
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Stefano Di Paola...
04.01.2007

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

Vendor: Adobe
Product: Acrobat reader 
Version:
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0
Product: Acrobat 
Version:
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0
Product: Acrobat 3d 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://securityreason.com/securityalert/2090
http://securitytracker.com/id?1017469
http://www.redhat.com/support/errata/RHSA-2008-0144.html
http://www.securityfocus.com/archive/1/455801/100/0/threaded
http://www.securityfocus.com/bid/21858
http://www.vupen.com/english/advisories/2007/0032
http://www.wisec.it/vulns.php?page=9
https://exchange.xforce.ibmcloud.com/vulnerabilities/31266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042

Related CVE
CVE-2019-8076
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8070
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8069
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8001
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-8000
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
CVE-2019-7999
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
CVE-2019-7998
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7997
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

Copyright 2019, cxsecurity.com

 

Back to Top