Vulnerability CVE-2007-0048


Published: 2007-01-03   Modified: 2012-02-12

Description:
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."

See advisories in our WLB2 database:
Topic
Author
Date
High
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Stefano Di Paola...
04.01.2007

Vendor: Adobe
Product: Acrobat reader 
Version:
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0
Product: Acrobat 
Version:
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0
Product: Acrobat 3d 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
http://www.wisec.it/vulns.php?page=9
http://xforce.iss.net/xforce/xfdb/31273
http://www.vupen.com/english/advisories/2009/2898
http://www.vupen.com/english/advisories/2007/0032
http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded
http://www.adobe.com/support/security/bulletins/apsb09-15.html
http://www.adobe.com/support/security/bulletins/apsb07-01.html
http://securitytracker.com/id?1023007
http://securitytracker.com/id?1017469
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://secunia.com/advisories/33754
http://secunia.com/advisories/23882
http://secunia.com/advisories/23812
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6348
http://osvdb.org/31596
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://securityreason.com/securityalert/2090

Related CVE
CVE-2018-4990
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current us...
CVE-2018-4994
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-4992
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation.
CVE-2018-4991
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass.
CVE-2018-4944
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-4943
Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app.
CVE-2018-4942
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-4941
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.

Copyright 2018, cxsecurity.com

 

Back to Top