Vulnerability CVE-2007-0045


Published: 2007-01-03   Modified: 2012-02-12

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

See advisories in our WLB2 database:
Topic
Author
Date
High
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Stefano Di Paola...
04.01.2007

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: Adobe
Product: Acrobat reader 
Version:
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0
Product: Acrobat 
Version:
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0
Product: Acrobat 3d 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://securityreason.com/securityalert/2090
http://securitytracker.com/id?1017469
http://securitytracker.com/id?1023007
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
http://www.adobe.com/support/security/advisories/apsa07-01.html
http://www.adobe.com/support/security/advisories/apsa07-02.html
http://www.adobe.com/support/security/bulletins/apsb07-01.html
http://www.adobe.com/support/security/bulletins/apsb09-15.html
http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
http://www.gnucitizen.org/blog/danger-danger-danger/
http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
http://www.kb.cert.org/vuls/id/815960
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.redhat.com/support/errata/RHSA-2007-0021.html
http://www.securityfocus.com/archive/1/455790/100/0/threaded
http://www.securityfocus.com/archive/1/455800/100/0/threaded
http://www.securityfocus.com/archive/1/455801/100/0/threaded
http://www.securityfocus.com/archive/1/455831/100/0/threaded
http://www.securityfocus.com/archive/1/455836/100/0/threaded
http://www.securityfocus.com/archive/1/455906/100/0/threaded
http://www.securityfocus.com/bid/21858
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
http://www.vupen.com/english/advisories/2007/0032
http://www.vupen.com/english/advisories/2007/0957
http://www.vupen.com/english/advisories/2009/2898
http://www.wisec.it/vulns.php?page=9
https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
https://rhn.redhat.com/errata/RHSA-2007-0017.html

Related CVE
CVE-2018-5070
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c...
CVE-2018-5069
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c...
CVE-2018-5068
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-5067
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current ...
CVE-2018-5066
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-5065
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current...
CVE-2018-5064
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c...
CVE-2018-5063
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Copyright 2018, cxsecurity.com

 

Back to Top