Vulnerability CVE-2007-0044


Published: 2007-01-03   Modified: 2012-02-12

Description:
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

See advisories in our WLB2 database:
Topic
Author
Date
High
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Stefano Di Paola...
04.01.2007

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

Vendor: Adobe
Product: Acrobat reader 
Version:
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0
Product: Acrobat 
Version:
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0
Product: Acrobat 3d 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.wisec.it/vulns.php?page=9
http://xforce.iss.net/xforce/xfdb/31266
http://www.vupen.com/english/advisories/2007/0032
http://www.securityfocus.com/bid/21858
http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2008-0144.html
http://securitytracker.com/id?1017469
http://securityreason.com/securityalert/2090
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://secunia.com/advisories/29065
http://secunia.com/advisories/23882
http://secunia.com/advisories/23812
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10042
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf

Related CVE
CVE-2018-4916
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intende...
CVE-2018-4915
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intende...
CVE-2018-4914
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end o...
CVE-2018-4913
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the XFA engine, rela...
CVE-2018-4912
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end o...
CVE-2018-4911
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API r...
CVE-2018-4910
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine...
CVE-2018-4909
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end o...

Copyright 2018, cxsecurity.com

 

Back to Top