All the vulnerabilites related to adobe - acrobat_3d
cve-2007-0045
Vulnerability from cvelistv5
Published
2007-01-03 20:00
Modified
2024-08-07 12:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
References
http://www.redhat.com/support/errata/RHSA-2007-0021.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/23691third-party-advisory, x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlthird-party-advisory, x_refsource_CERT
https://rhn.redhat.com/errata/RHSA-2007-0017.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/21858vdb-entry, x_refsource_BID
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.htmlx_refsource_CONFIRM
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfx_refsource_MISC
http://www.securityfocus.com/archive/1/455790/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://securitytracker.com/id?1023007vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/23882third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/455801/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2007/0032vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/24457third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742vendor-advisory, x_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/31271vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/455831/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.adobe.com/support/security/bulletins/apsb09-15.htmlx_refsource_CONFIRM
http://www.mozilla.org/security/announce/2007/mfsa2007-02.htmlx_refsource_CONFIRM
http://securityreason.com/securityalert/2090third-party-advisory, x_refsource_SREASON
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlvendor-advisory, x_refsource_SUSE
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/33754third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0957vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/455836/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/23812third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/455906/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://securitytracker.com/id?1017469vdb-entry, x_refsource_SECTRACK
http://www.adobe.com/support/security/advisories/apsa07-01.htmlx_refsource_CONFIRM
http://www.adobe.com/support/security/advisories/apsa07-02.htmlx_refsource_CONFIRM
http://secunia.com/advisories/23483third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23877third-party-advisory, x_refsource_SECUNIA
http://www.gnucitizen.org/blog/universal-pdf-xss-after-partyx_refsource_MISC
http://www.adobe.com/support/security/bulletins/apsb07-01.htmlx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487vdb-entry, signature, x_refsource_OVAL
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2009/2898vdb-entry, x_refsource_VUPEN
http://www.gnucitizen.org/blog/danger-danger-danger/x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200701-16.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/24533third-party-advisory, x_refsource_SECUNIA
http://www.disenchant.ch/blog/hacking-with-browser-plugins/34x_refsource_MISC
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131vendor-advisory, x_refsource_SLACKWARE
http://www.kb.cert.org/vuls/id/815960third-party-advisory, x_refsource_CERT-VN
http://www.securityfocus.com/archive/1/455800/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.wisec.it/vulns.php?page=9x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:03:37.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2007:0021",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0021.html"
          },
          {
            "name": "23691",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23691"
          },
          {
            "name": "TA09-286B",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
          },
          {
            "name": "RHSA-2007:0017",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2007-0017.html"
          },
          {
            "name": "21858",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21858"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
          },
          {
            "name": "20070103 Universal XSS with PDF files: highly dangerous",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455790/100/0/threaded"
          },
          {
            "name": "1023007",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023007"
          },
          {
            "name": "23882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23882"
          },
          {
            "name": "20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
          },
          {
            "name": "ADV-2007-0032",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0032"
          },
          {
            "name": "24457",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24457"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "adobe-acrobat-pdf-xss(31271)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31271"
          },
          {
            "name": "20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455831/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
          },
          {
            "name": "2090",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2090"
          },
          {
            "name": "SUSE-SA:2007:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
          },
          {
            "name": "102847",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
          },
          {
            "name": "33754",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33754"
          },
          {
            "name": "ADV-2007-0957",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0957"
          },
          {
            "name": "20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455836/100/0/threaded"
          },
          {
            "name": "23812",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23812"
          },
          {
            "name": "20070104 Universal PDF XSS After Party",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455906/100/0/threaded"
          },
          {
            "name": "1017469",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017469"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa07-01.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa07-02.html"
          },
          {
            "name": "23483",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23483"
          },
          {
            "name": "23877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23877"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/universal-pdf-xss-after-party"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9693",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693"
          },
          {
            "name": "oval:org.mitre.oval:def:6487",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "ADV-2009-2898",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2898"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/danger-danger-danger/"
          },
          {
            "name": "GLSA-200701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
          },
          {
            "name": "24533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24533"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.disenchant.ch/blog/hacking-with-browser-plugins/34"
          },
          {
            "name": "SSA:2007-066-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
          },
          {
            "name": "VU#815960",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/815960"
          },
          {
            "name": "20070103 Re: Universal XSS with PDF files: highly dangerous",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455800/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wisec.it/vulns.php?page=9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka \"Universal XSS (UXSS).\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2007:0021",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0021.html"
        },
        {
          "name": "23691",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23691"
        },
        {
          "name": "TA09-286B",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
        },
        {
          "name": "RHSA-2007:0017",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2007-0017.html"
        },
        {
          "name": "21858",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21858"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
        },
        {
          "name": "20070103 Universal XSS with PDF files: highly dangerous",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455790/100/0/threaded"
        },
        {
          "name": "1023007",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023007"
        },
        {
          "name": "23882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23882"
        },
        {
          "name": "20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
        },
        {
          "name": "ADV-2007-0032",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0032"
        },
        {
          "name": "24457",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24457"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "adobe-acrobat-pdf-xss(31271)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31271"
        },
        {
          "name": "20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455831/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
        },
        {
          "name": "2090",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2090"
        },
        {
          "name": "SUSE-SA:2007:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
        },
        {
          "name": "102847",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
        },
        {
          "name": "33754",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33754"
        },
        {
          "name": "ADV-2007-0957",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0957"
        },
        {
          "name": "20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455836/100/0/threaded"
        },
        {
          "name": "23812",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23812"
        },
        {
          "name": "20070104 Universal PDF XSS After Party",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455906/100/0/threaded"
        },
        {
          "name": "1017469",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017469"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa07-01.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa07-02.html"
        },
        {
          "name": "23483",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23483"
        },
        {
          "name": "23877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23877"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/blog/universal-pdf-xss-after-party"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9693",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693"
        },
        {
          "name": "oval:org.mitre.oval:def:6487",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "ADV-2009-2898",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2898"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gnucitizen.org/blog/danger-danger-danger/"
        },
        {
          "name": "GLSA-200701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
        },
        {
          "name": "24533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24533"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.disenchant.ch/blog/hacking-with-browser-plugins/34"
        },
        {
          "name": "SSA:2007-066-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
        },
        {
          "name": "VU#815960",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/815960"
        },
        {
          "name": "20070103 Re: Universal XSS with PDF files: highly dangerous",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455800/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wisec.it/vulns.php?page=9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0045",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka \"Universal XSS (UXSS).\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2007:0021",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0021.html"
            },
            {
              "name": "23691",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23691"
            },
            {
              "name": "TA09-286B",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
            },
            {
              "name": "RHSA-2007:0017",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2007-0017.html"
            },
            {
              "name": "21858",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21858"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
            },
            {
              "name": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf",
              "refsource": "MISC",
              "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
            },
            {
              "name": "20070103 Universal XSS with PDF files: highly dangerous",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455790/100/0/threaded"
            },
            {
              "name": "1023007",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023007"
            },
            {
              "name": "23882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23882"
            },
            {
              "name": "20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
            },
            {
              "name": "ADV-2007-0032",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0032"
            },
            {
              "name": "24457",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24457"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "adobe-acrobat-pdf-xss(31271)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31271"
            },
            {
              "name": "20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455831/100/0/threaded"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-15.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
            },
            {
              "name": "2090",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2090"
            },
            {
              "name": "SUSE-SA:2007:011",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
            },
            {
              "name": "102847",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
            },
            {
              "name": "33754",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33754"
            },
            {
              "name": "ADV-2007-0957",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0957"
            },
            {
              "name": "20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455836/100/0/threaded"
            },
            {
              "name": "23812",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23812"
            },
            {
              "name": "20070104 Universal PDF XSS After Party",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455906/100/0/threaded"
            },
            {
              "name": "1017469",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017469"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa07-01.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa07-01.html"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa07-02.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa07-02.html"
            },
            {
              "name": "23483",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23483"
            },
            {
              "name": "23877",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23877"
            },
            {
              "name": "http://www.gnucitizen.org/blog/universal-pdf-xss-after-party",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/blog/universal-pdf-xss-after-party"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb07-01.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
            },
            {
              "name": "oval:org.mitre.oval:def:9693",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693"
            },
            {
              "name": "oval:org.mitre.oval:def:6487",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "ADV-2009-2898",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2898"
            },
            {
              "name": "http://www.gnucitizen.org/blog/danger-danger-danger/",
              "refsource": "CONFIRM",
              "url": "http://www.gnucitizen.org/blog/danger-danger-danger/"
            },
            {
              "name": "GLSA-200701-16",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
            },
            {
              "name": "24533",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24533"
            },
            {
              "name": "http://www.disenchant.ch/blog/hacking-with-browser-plugins/34",
              "refsource": "MISC",
              "url": "http://www.disenchant.ch/blog/hacking-with-browser-plugins/34"
            },
            {
              "name": "SSA:2007-066-05",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
            },
            {
              "name": "VU#815960",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/815960"
            },
            {
              "name": "20070103 Re: Universal XSS with PDF files: highly dangerous",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455800/100/0/threaded"
            },
            {
              "name": "http://www.wisec.it/vulns.php?page=9",
              "refsource": "MISC",
              "url": "http://www.wisec.it/vulns.php?page=9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0045",
    "datePublished": "2007-01-03T20:00:00",
    "dateReserved": "2007-01-03T00:00:00",
    "dateUpdated": "2024-08-07T12:03:37.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-0044
Vulnerability from cvelistv5
Published
2007-01-03 20:00
Modified
2024-08-07 12:03
Severity ?
Summary
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
References
http://www.securityfocus.com/bid/21858vdb-entry, x_refsource_BID
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfx_refsource_MISC
http://secunia.com/advisories/23882third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/455801/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2007/0032vdb-entry, x_refsource_VUPEN
http://securityreason.com/securityalert/2090third-party-advisory, x_refsource_SREASON
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/23812third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1017469vdb-entry, x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042vdb-entry, signature, x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/31266vdb-entry, x_refsource_XF
http://secunia.com/advisories/29065third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200701-16.xmlvendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2008-0144.htmlvendor-advisory, x_refsource_REDHAT
http://www.wisec.it/vulns.php?page=9x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:03:36.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21858",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21858"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
          },
          {
            "name": "23882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23882"
          },
          {
            "name": "20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
          },
          {
            "name": "ADV-2007-0032",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0032"
          },
          {
            "name": "2090",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2090"
          },
          {
            "name": "SUSE-SA:2007:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
          },
          {
            "name": "23812",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23812"
          },
          {
            "name": "1017469",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017469"
          },
          {
            "name": "oval:org.mitre.oval:def:10042",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042"
          },
          {
            "name": "adobe-acrobat-pdf-csrf(31266)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31266"
          },
          {
            "name": "29065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29065"
          },
          {
            "name": "GLSA-200701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
          },
          {
            "name": "RHSA-2008:0144",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0144.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wisec.it/vulns.php?page=9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka \"Universal CSRF and session riding.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "21858",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21858"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
        },
        {
          "name": "23882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23882"
        },
        {
          "name": "20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
        },
        {
          "name": "ADV-2007-0032",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0032"
        },
        {
          "name": "2090",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2090"
        },
        {
          "name": "SUSE-SA:2007:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
        },
        {
          "name": "23812",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23812"
        },
        {
          "name": "1017469",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017469"
        },
        {
          "name": "oval:org.mitre.oval:def:10042",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042"
        },
        {
          "name": "adobe-acrobat-pdf-csrf(31266)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31266"
        },
        {
          "name": "29065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29065"
        },
        {
          "name": "GLSA-200701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
        },
        {
          "name": "RHSA-2008:0144",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0144.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wisec.it/vulns.php?page=9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0044",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka \"Universal CSRF and session riding.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21858",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21858"
            },
            {
              "name": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf",
              "refsource": "MISC",
              "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
            },
            {
              "name": "23882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23882"
            },
            {
              "name": "20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
            },
            {
              "name": "ADV-2007-0032",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0032"
            },
            {
              "name": "2090",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2090"
            },
            {
              "name": "SUSE-SA:2007:011",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
            },
            {
              "name": "23812",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23812"
            },
            {
              "name": "1017469",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017469"
            },
            {
              "name": "oval:org.mitre.oval:def:10042",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042"
            },
            {
              "name": "adobe-acrobat-pdf-csrf(31266)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31266"
            },
            {
              "name": "29065",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29065"
            },
            {
              "name": "GLSA-200701-16",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
            },
            {
              "name": "RHSA-2008:0144",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0144.html"
            },
            {
              "name": "http://www.wisec.it/vulns.php?page=9",
              "refsource": "MISC",
              "url": "http://www.wisec.it/vulns.php?page=9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0044",
    "datePublished": "2007-01-03T20:00:00",
    "dateReserved": "2007-01-03T00:00:00",
    "dateUpdated": "2024-08-07T12:03:36.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-0048
Vulnerability from cvelistv5
Published
2007-01-03 20:00
Modified
2024-08-07 12:03
Severity ?
Summary
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
References
http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlthird-party-advisory, x_refsource_CERT
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.htmlx_refsource_CONFIRM
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfx_refsource_MISC
http://securitytracker.com/id?1023007vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/23882third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/455801/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2007/0032vdb-entry, x_refsource_VUPEN
http://www.adobe.com/support/security/bulletins/apsb09-15.htmlx_refsource_CONFIRM
http://securityreason.com/securityalert/2090third-party-advisory, x_refsource_SREASON
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348vdb-entry, signature, x_refsource_OVAL
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/33754third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/23812third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1017469vdb-entry, x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/31273vdb-entry, x_refsource_XF
http://www.adobe.com/support/security/bulletins/apsb07-01.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/2898vdb-entry, x_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-200701-16.xmlvendor-advisory, x_refsource_GENTOO
http://osvdb.org/31596vdb-entry, x_refsource_OSVDB
http://www.wisec.it/vulns.php?page=9x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:03:36.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA09-286B",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
          },
          {
            "name": "1023007",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023007"
          },
          {
            "name": "23882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23882"
          },
          {
            "name": "20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
          },
          {
            "name": "ADV-2007-0032",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0032"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
          },
          {
            "name": "2090",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2090"
          },
          {
            "name": "oval:org.mitre.oval:def:6348",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348"
          },
          {
            "name": "SUSE-SA:2007:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
          },
          {
            "name": "33754",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33754"
          },
          {
            "name": "23812",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23812"
          },
          {
            "name": "1017469",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017469"
          },
          {
            "name": "adobe-acrobat-character-dos(31273)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31273"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
          },
          {
            "name": "ADV-2009-2898",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2898"
          },
          {
            "name": "GLSA-200701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
          },
          {
            "name": "31596",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/31596"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wisec.it/vulns.php?page=9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a \"cross-site scripting issue.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "TA09-286B",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
        },
        {
          "name": "1023007",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023007"
        },
        {
          "name": "23882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23882"
        },
        {
          "name": "20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
        },
        {
          "name": "ADV-2007-0032",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0032"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
        },
        {
          "name": "2090",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2090"
        },
        {
          "name": "oval:org.mitre.oval:def:6348",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348"
        },
        {
          "name": "SUSE-SA:2007:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
        },
        {
          "name": "33754",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33754"
        },
        {
          "name": "23812",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23812"
        },
        {
          "name": "1017469",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017469"
        },
        {
          "name": "adobe-acrobat-character-dos(31273)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31273"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
        },
        {
          "name": "ADV-2009-2898",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2898"
        },
        {
          "name": "GLSA-200701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
        },
        {
          "name": "31596",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/31596"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wisec.it/vulns.php?page=9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0048",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a \"cross-site scripting issue.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-286B",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
            },
            {
              "name": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf",
              "refsource": "MISC",
              "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
            },
            {
              "name": "1023007",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023007"
            },
            {
              "name": "23882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23882"
            },
            {
              "name": "20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
            },
            {
              "name": "ADV-2007-0032",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0032"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-15.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
            },
            {
              "name": "2090",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2090"
            },
            {
              "name": "oval:org.mitre.oval:def:6348",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348"
            },
            {
              "name": "SUSE-SA:2007:011",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
            },
            {
              "name": "33754",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33754"
            },
            {
              "name": "23812",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23812"
            },
            {
              "name": "1017469",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017469"
            },
            {
              "name": "adobe-acrobat-character-dos(31273)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31273"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb07-01.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
            },
            {
              "name": "ADV-2009-2898",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2898"
            },
            {
              "name": "GLSA-200701-16",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
            },
            {
              "name": "31596",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/31596"
            },
            {
              "name": "http://www.wisec.it/vulns.php?page=9",
              "refsource": "MISC",
              "url": "http://www.wisec.it/vulns.php?page=9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0048",
    "datePublished": "2007-01-03T20:00:00",
    "dateReserved": "2007-01-03T00:00:00",
    "dateUpdated": "2024-08-07T12:03:36.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-2641
Vulnerability from cvelistv5
Published
2008-06-25 10:00
Modified
2024-08-07 09:05
Severity ?
Summary
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
References
http://www.vupen.com/english/advisories/2008/2289vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1906vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/43307vdb-entry, x_refsource_XF
http://www.securitytracker.com/id?1020352vdb-entry, x_refsource_SECTRACK
http://isc.sans.org/diary.html?storyid=4616x_refsource_MISC
http://www.securityfocus.com/bid/29908vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://www.kb.cert.org/vuls/id/788019third-party-advisory, x_refsource_CERT-VN
http://secunia.com/advisories/30832third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31352third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1vendor-advisory, x_refsource_SUNALERT
http://www.adobe.com/support/security/bulletins/apsb08-15.htmlx_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200808-10.xmlvendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2008-0641.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/31136third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31428third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31339third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:05:30.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-2289",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2289"
          },
          {
            "name": "ADV-2008-1906",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1906"
          },
          {
            "name": "adobe-javascript-method-code-execution(43307)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43307"
          },
          {
            "name": "1020352",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020352"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?storyid=4616"
          },
          {
            "name": "29908",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29908"
          },
          {
            "name": "SUSE-SR:2008:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html"
          },
          {
            "name": "VU#788019",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/788019"
          },
          {
            "name": "30832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30832"
          },
          {
            "name": "31352",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31352"
          },
          {
            "name": "240106",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb08-15.html"
          },
          {
            "name": "GLSA-200808-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200808-10.xml"
          },
          {
            "name": "RHSA-2008:0641",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
          },
          {
            "name": "31136",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31136"
          },
          {
            "name": "31428",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31428"
          },
          {
            "name": "31339",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31339"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an \"input validation issue in a JavaScript method.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2008-2289",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2289"
        },
        {
          "name": "ADV-2008-1906",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1906"
        },
        {
          "name": "adobe-javascript-method-code-execution(43307)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43307"
        },
        {
          "name": "1020352",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020352"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?storyid=4616"
        },
        {
          "name": "29908",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29908"
        },
        {
          "name": "SUSE-SR:2008:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html"
        },
        {
          "name": "VU#788019",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/788019"
        },
        {
          "name": "30832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30832"
        },
        {
          "name": "31352",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31352"
        },
        {
          "name": "240106",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb08-15.html"
        },
        {
          "name": "GLSA-200808-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200808-10.xml"
        },
        {
          "name": "RHSA-2008:0641",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
        },
        {
          "name": "31136",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31136"
        },
        {
          "name": "31428",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31428"
        },
        {
          "name": "31339",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31339"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2641",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an \"input validation issue in a JavaScript method.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-2289",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2289"
            },
            {
              "name": "ADV-2008-1906",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1906"
            },
            {
              "name": "adobe-javascript-method-code-execution(43307)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43307"
            },
            {
              "name": "1020352",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020352"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=4616",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?storyid=4616"
            },
            {
              "name": "29908",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29908"
            },
            {
              "name": "SUSE-SR:2008:016",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html"
            },
            {
              "name": "VU#788019",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/788019"
            },
            {
              "name": "30832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30832"
            },
            {
              "name": "31352",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31352"
            },
            {
              "name": "240106",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb08-15.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb08-15.html"
            },
            {
              "name": "GLSA-200808-10",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200808-10.xml"
            },
            {
              "name": "RHSA-2008:0641",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
            },
            {
              "name": "31136",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31136"
            },
            {
              "name": "31428",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31428"
            },
            {
              "name": "31339",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31339"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2641",
    "datePublished": "2008-06-25T10:00:00",
    "dateReserved": "2008-06-09T00:00:00",
    "dateUpdated": "2024-08-07T09:05:30.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2007-01-03 21:28
Modified
2024-11-21 00:24
Severity ?
Summary
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
References
cve@mitre.orghttp://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
cve@mitre.orghttp://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
cve@mitre.orghttp://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
cve@mitre.orghttp://osvdb.org/31596
cve@mitre.orghttp://secunia.com/advisories/23812
cve@mitre.orghttp://secunia.com/advisories/23882
cve@mitre.orghttp://secunia.com/advisories/33754
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200701-16.xml
cve@mitre.orghttp://securityreason.com/securityalert/2090
cve@mitre.orghttp://securitytracker.com/id?1017469
cve@mitre.orghttp://securitytracker.com/id?1023007
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb07-01.html
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb09-15.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/455801/100/0/threaded
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA09-286B.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0032
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/2898
cve@mitre.orghttp://www.wisec.it/vulns.php?page=9Exploit, Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/31273
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348
af854a3a-2127-422b-91ae-364da2661108http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
af854a3a-2127-422b-91ae-364da2661108http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
af854a3a-2127-422b-91ae-364da2661108http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/31596
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23812
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23882
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33754
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200701-16.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2090
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017469
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1023007
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb07-01.html
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb09-15.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455801/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0032
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2898
af854a3a-2127-422b-91ae-364da2661108http://www.wisec.it/vulns.php?page=9Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/31273
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348
Impacted products
Vendor Product Version
adobe acrobat *
adobe acrobat 7.0
adobe acrobat 7.0
adobe acrobat 7.0.1
adobe acrobat 7.0.1
adobe acrobat 7.0.2
adobe acrobat 7.0.2
adobe acrobat 7.0.3
adobe acrobat 7.0.3
adobe acrobat 7.0.4
adobe acrobat 7.0.4
adobe acrobat 7.0.5
adobe acrobat 7.0.5
adobe acrobat 7.0.6
adobe acrobat 7.0.6
adobe acrobat 7.0.7
adobe acrobat 7.0.7
adobe acrobat 7.0.8
adobe acrobat 7.0.8
adobe acrobat_3d *
adobe acrobat_reader *
adobe acrobat_reader 6.0
adobe acrobat_reader 6.0.1
adobe acrobat_reader 6.0.2
adobe acrobat_reader 6.0.3
adobe acrobat_reader 6.0.4
adobe acrobat_reader 6.0.5
adobe acrobat_reader 7.0
adobe acrobat_reader 7.0.1
adobe acrobat_reader 7.0.2
adobe acrobat_reader 7.0.3
adobe acrobat_reader 7.0.4
adobe acrobat_reader 7.0.5
adobe acrobat_reader 7.0.6
adobe acrobat_reader 7.0.7
adobe acrobat_reader 7.0.8


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:*",
              "matchCriteriaId": "70C786B9-7CEC-474E-B173-F2D9CD78E5B9",
              "versionEndIncluding": "7.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*",
              "matchCriteriaId": "AC8F85CD-8371-4B36-8D6A-8B2CA580631B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*",
              "matchCriteriaId": "C74ECCD2-4E9B-407B-9B14-8A6FB4F768F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*",
              "matchCriteriaId": "FE88C274-CC72-4341-9BF6-1924054A12FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*",
              "matchCriteriaId": "507C02CF-7E81-4131-99DE-63E4EEC45F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*",
              "matchCriteriaId": "3D68FF87-5DCE-4D52-B95A-8ADB6F8C0DA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*",
              "matchCriteriaId": "47EBEF8E-3C53-41D5-B344-297ED7C432F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*",
              "matchCriteriaId": "DC0DF265-984D-462D-878E-612783BF0BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0335D33B-20D8-483F-AB5E-E2517F2F900D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*",
              "matchCriteriaId": "4B066C6A-E3ED-4E7B-BE5E-45CDBF1E8959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.4:*:standard:*:*:*:*:*",
              "matchCriteriaId": "2341215F-97A7-40B6-B618-7FF022C7CFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.5:*:professional:*:*:*:*:*",
              "matchCriteriaId": "D61F0564-59B9-4811-B7FD-BA044C6A94AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.5:*:standard:*:*:*:*:*",
              "matchCriteriaId": "9C9A3E43-7334-44B0-BF01-04BB19B6FE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.6:*:professional:*:*:*:*:*",
              "matchCriteriaId": "D3E43C1B-D76D-4486-AE7A-943D34D0A92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.6:*:standard:*:*:*:*:*",
              "matchCriteriaId": "9F7310F9-CF09-4B83-B6CA-3FE6DBAB6008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.7:*:professional:*:*:*:*:*",
              "matchCriteriaId": "F52F86E7-E845-48A5-9CC4-98E6DAA43C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.7:*:standard:*:*:*:*:*",
              "matchCriteriaId": "32C79CBE-CE27-46B2-BD3C-D56DC62CBB46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.8:*:professional:*:*:*:*:*",
              "matchCriteriaId": "CC9D669B-7E9D-4F39-894A-D9438000F2B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.8:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0D9CA54D-9D60-4064-B6AC-8CED8D064465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA58F87E-2E6D-4837-85C9-0A94BB3D269A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD055652-DA7A-4881-ACD3-9D491821DC73",
              "versionEndIncluding": "7.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B9351C2-16ED-4766-B417-8DB3A8766C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74667860-0047-40AD-9468-860591BA9D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9628AFF9-6EE1-4E85-858F-AE96EE64B7F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2D0266-6954-4DBA-9EEE-8BF73B39DD61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "24262AFA-2EC8-479E-8922-36DB4243E404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E62096-08B2-4722-A492-11E9A441E85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5370AC6-90EE-48EA-8DBD-54002B102F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36D10A8-D211-437D-98D8-9029D0A9CF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA55D00C-3629-48E4-8699-F62B8D703E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "623324C2-C8B5-4C3C-9C10-9677D5A6740A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a \"cross-site scripting issue.\""
    },
    {
      "lang": "es",
      "value": "El Plugin de Adobe Acrobat Reader anterior al 8.0.0., cuando se usa con el Internet Explorer, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de memoria) mediante una secuencia larga de caracteres # (almohadilla) a\u00f1adidos a una PDF URL."
    }
  ],
  "id": "CVE-2007-0048",
  "lastModified": "2024-11-21T00:24:50.750",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-01-03T21:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/31596"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23812"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23882"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33754"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2090"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017469"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023007"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0032"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/2898"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.wisec.it/vulns.php?page=9"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31273"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/31596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.wisec.it/vulns.php?page=9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-06-25 12:36
Modified
2024-11-21 00:47
Severity ?
Summary
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
References
cve@mitre.orghttp://isc.sans.org/diary.html?storyid=4616
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html
cve@mitre.orghttp://secunia.com/advisories/30832Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/31136
cve@mitre.orghttp://secunia.com/advisories/31339
cve@mitre.orghttp://secunia.com/advisories/31352
cve@mitre.orghttp://secunia.com/advisories/31428
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb08-15.htmlPatch
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200808-10.xml
cve@mitre.orghttp://www.kb.cert.org/vuls/id/788019US Government Resource
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0641.html
cve@mitre.orghttp://www.securityfocus.com/bid/29908Patch
cve@mitre.orghttp://www.securitytracker.com/id?1020352
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/1906
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2289
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/43307
af854a3a-2127-422b-91ae-364da2661108http://isc.sans.org/diary.html?storyid=4616
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30832Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31136
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31339
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31352
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31428
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb08-15.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200808-10.xml
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/788019US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0641.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/29908Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020352
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1906
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2289
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/43307
Impacted products
Vendor Product Version
adobe acrobat_3d 7.0
adobe acrobat_3d 7.0
adobe acrobat_3d 7.0.0
adobe acrobat_3d 7.0.0
adobe acrobat_3d 7.0.1
adobe acrobat_3d 7.0.1
adobe acrobat_3d 7.0.2
adobe acrobat_3d 7.0.2
adobe acrobat_3d 7.0.3
adobe acrobat_3d 7.0.3
adobe acrobat_3d 7.0.4
adobe acrobat_3d 7.0.4
adobe acrobat_3d 7.0.5
adobe acrobat_3d 7.0.5
adobe acrobat_3d 7.0.6
adobe acrobat_3d 7.0.6
adobe acrobat_3d 7.0.7
adobe acrobat_3d 7.0.7
adobe acrobat_3d 7.0.8
adobe acrobat_3d 7.0.8
adobe acrobat_3d 7.0.9
adobe acrobat_3d 7.0.9
adobe acrobat_3d 8.1
adobe acrobat_3d 8.1
adobe acrobat_3d 8.1.1
adobe acrobat_3d 8.1.1
adobe acrobat_3d 8.1.2
adobe acrobat_3d 8.1.2
adobe acrobat_reader 3.0
adobe acrobat_reader 4.0
adobe acrobat_reader 4.0.5
adobe acrobat_reader 4.5
adobe acrobat_reader 5.0
adobe acrobat_reader 5.0.5
adobe acrobat_reader 5.0.6
adobe acrobat_reader 5.0.7
adobe acrobat_reader 5.0.9
adobe acrobat_reader 5.0.10
adobe acrobat_reader 5.0.11
adobe acrobat_reader 5.1
adobe acrobat_reader 6.0
adobe acrobat_reader 6.0.1
adobe acrobat_reader 6.0.2
adobe acrobat_reader 6.0.3
adobe acrobat_reader 6.0.4
adobe acrobat_reader 6.0.5
adobe acrobat_reader 7.0
adobe acrobat_reader 7.0.1
adobe acrobat_reader 7.0.2
adobe acrobat_reader 7.0.3
adobe acrobat_reader 7.0.4
adobe acrobat_reader 7.0.5
adobe acrobat_reader 7.0.6
adobe acrobat_reader 7.0.7
adobe acrobat_reader 7.0.8
adobe acrobat_reader 7.0.9
adobe acrobat_reader 8.0
adobe acrobat_reader 8.1
adobe acrobat_reader 8.1.1
adobe acrobat_reader 8.1.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0:*:professional:*:*:*:*:*",
              "matchCriteriaId": "8A748890-C102-47C4-8A75-05E5C0064115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0:*:standard:*:*:*:*:*",
              "matchCriteriaId": "2AB13B40-EEF8-42EB-A02F-D57D88A812D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.0:*:professional:*:*:*:*:*",
              "matchCriteriaId": "1E7D4E11-F49C-47D5-84EE-7A65BF0EF75B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.0:*:standard:*:*:*:*:*",
              "matchCriteriaId": "19BE10C3-1A94-4832-935F-8CC28D7AEF2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.1:*:professional:*:*:*:*:*",
              "matchCriteriaId": "4F7B4494-F02C-4D33-86A6-D126440B44AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.1:*:standard:*:*:*:*:*",
              "matchCriteriaId": "9E9D25AB-0FC8-4E0D-87C1-089FF1A04219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.2:*:professional:*:*:*:*:*",
              "matchCriteriaId": "57AAAD7B-A053-4AD8-87D6-CF7399BB873F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.2:*:standard:*:*:*:*:*",
              "matchCriteriaId": "BE080136-C078-4B27-983F-307F8DA1C6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.3:*:professional:*:*:*:*:*",
              "matchCriteriaId": "E257B03E-FDE6-40BC-A13A-9F383808B143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.3:*:standard:*:*:*:*:*",
              "matchCriteriaId": "007CC2B9-1FB1-45EC-8D2B-BD5B15716B91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.4:*:professional:*:*:*:*:*",
              "matchCriteriaId": "00DDEA6D-B28A-44E8-A8A3-4CE688CB2C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.4:*:standard:*:*:*:*:*",
              "matchCriteriaId": "EBDA4F47-0E01-42E3-8529-8C2608C9C3E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.5:*:professional:*:*:*:*:*",
              "matchCriteriaId": "82E9DE9F-5782-4FD4-BE02-55C8FA79BF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.5:*:standard:*:*:*:*:*",
              "matchCriteriaId": "F9B3007B-4A43-4F40-A9D8-15012607A328",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.6:*:professional:*:*:*:*:*",
              "matchCriteriaId": "0D07A979-15E4-47B3-A412-47702905C687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.6:*:standard:*:*:*:*:*",
              "matchCriteriaId": "72BFBE65-1004-4B22-BA63-5C90E93B8CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.7:*:professional:*:*:*:*:*",
              "matchCriteriaId": "618D991E-0510-427B-80CD-F820A0C1782E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.7:*:standard:*:*:*:*:*",
              "matchCriteriaId": "3B60667F-7818-4959-B923-7EFC55EC19A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.8:*:professional:*:*:*:*:*",
              "matchCriteriaId": "CD612ECD-E98A-4C17-B3F6-70BC12CA8664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.8:*:standard:*:*:*:*:*",
              "matchCriteriaId": "5A160691-E99D-497B-8FB8-E384B039854D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.9:*:professional:*:*:*:*:*",
              "matchCriteriaId": "E8E51EAF-420E-470A-9903-4D3D10B638D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:7.0.9:*:standard:*:*:*:*:*",
              "matchCriteriaId": "6704EAE6-7729-4631-9E70-A8F1A628CABE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:8.1:*:professional:*:*:*:*:*",
              "matchCriteriaId": "858DFFF0-3CD5-4D70-886F-BF0F4E68EE69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:8.1:*:standard:*:*:*:*:*",
              "matchCriteriaId": "AF2C30B6-2ADA-4695-86F6-6A3DD990641F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:8.1.1:*:professional:*:*:*:*:*",
              "matchCriteriaId": "CEBDEC98-39C9-4936-B0AB-F415D02EC8C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:8.1.1:*:standard:*:*:*:*:*",
              "matchCriteriaId": "1073C404-97AE-4CA2-AD9B-53096A7196B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:8.1.2:*:professional:*:*:*:*:*",
              "matchCriteriaId": "14D434F4-82A0-4B23-82DB-1C07AF80042E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:8.1.2:*:standard:*:*:*:*:*",
              "matchCriteriaId": "147F2EC6-91BF-4BE6-AC56-F285160B70D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1C92642-7C8D-411A-8726-06A8A6483D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F509566A-6D4A-40C0-8A16-F8765C5DCAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "707D7124-6063-4510-80B4-AD9675996F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AED985D-60D7-489E-9F1E-CE3C9D985B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0FCA2F-FD7F-4CE5-9D45-324A7EC45105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF7EAA22-CED2-4379-9465-9562BACB1C20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "35B1CA6B-600C-4E03-B4D5-3D7E1BC4D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7AA1BA3-9FFA-46AB-A92A-7247D5F7EA06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F5F7424-1E19-4078-8908-CD86A0185042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2402B40-6B72-48B5-A376-DA8D16CA43FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D968113-340A-4E5A-B4FD-D9702D49E3DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACF742B8-5F7A-487B-835C-756B1BB392F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B9351C2-16ED-4766-B417-8DB3A8766C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74667860-0047-40AD-9468-860591BA9D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9628AFF9-6EE1-4E85-858F-AE96EE64B7F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2D0266-6954-4DBA-9EEE-8BF73B39DD61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "24262AFA-2EC8-479E-8922-36DB4243E404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E62096-08B2-4722-A492-11E9A441E85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5370AC6-90EE-48EA-8DBD-54002B102F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36D10A8-D211-437D-98D8-9029D0A9CF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA55D00C-3629-48E4-8699-F62B8D703E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "623324C2-C8B5-4C3C-9C10-9677D5A6740A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "634396D6-4ED6-4F4D-9458-396373489589",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "996EB48E-D2A8-49E4-915A-EBDE26A9FB94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E20936-EE31-4CEB-A710-3165A28BAD69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD9952C-A1D0-4DFB-A292-9B86D7EAE5FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5BEA847-A71E-4336-AB67-B3C38847C1C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an \"input validation issue in a JavaScript method.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Adobe Reader y Acrobat 7.0.9 y anteriores, y 8.0 hasta 8.1.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no conocidos, relacionados con un \"problema de validaci\u00f3n de entrada en un m\u00e9todo JavaScript.\""
    }
  ],
  "id": "CVE-2008-2641",
  "lastModified": "2024-11-21T00:47:22.533",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-06-25T12:36:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://isc.sans.org/diary.html?storyid=4616"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30832"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31136"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31339"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31352"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31428"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-15.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200808-10.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/788019"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/29908"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020352"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1906"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2289"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isc.sans.org/diary.html?storyid=4616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240106-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb08-15.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200808-10.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/788019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0641.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/29908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43307"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-01-03 21:28
Modified
2024-11-21 00:24
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
References
cve@mitre.orghttp://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
cve@mitre.orghttp://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
cve@mitre.orghttp://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
cve@mitre.orghttp://secunia.com/advisories/23483Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/23691Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/23812Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/23877Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/23882Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/24457Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/24533Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/33754Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200701-16.xml
cve@mitre.orghttp://securityreason.com/securityalert/2090
cve@mitre.orghttp://securitytracker.com/id?1017469
cve@mitre.orghttp://securitytracker.com/id?1023007
cve@mitre.orghttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
cve@mitre.orghttp://www.adobe.com/support/security/advisories/apsa07-01.htmlVendor Advisory
cve@mitre.orghttp://www.adobe.com/support/security/advisories/apsa07-02.html
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb07-01.html
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb09-15.html
cve@mitre.orghttp://www.disenchant.ch/blog/hacking-with-browser-plugins/34Exploit
cve@mitre.orghttp://www.gnucitizen.org/blog/danger-danger-danger/Exploit, Vendor Advisory
cve@mitre.orghttp://www.gnucitizen.org/blog/universal-pdf-xss-after-party
cve@mitre.orghttp://www.kb.cert.org/vuls/id/815960Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.mozilla.org/security/announce/2007/mfsa2007-02.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0021.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/455790/100/0/threadedExploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/455800/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/455801/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/455831/100/0/threadedExploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/455836/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/455906/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/21858
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA09-286B.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0032Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0957Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/2898Vendor Advisory
cve@mitre.orghttp://www.wisec.it/vulns.php?page=9Exploit, Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/31271
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
cve@mitre.orghttps://rhn.redhat.com/errata/RHSA-2007-0017.html
af854a3a-2127-422b-91ae-364da2661108http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
af854a3a-2127-422b-91ae-364da2661108http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23483Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23691Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23812Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23877Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23882Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24457Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24533Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33754Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200701-16.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2090
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017469
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1023007
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/advisories/apsa07-01.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/advisories/apsa07-02.html
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb07-01.html
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb09-15.html
af854a3a-2127-422b-91ae-364da2661108http://www.disenchant.ch/blog/hacking-with-browser-plugins/34Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.gnucitizen.org/blog/danger-danger-danger/Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/815960Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0021.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455790/100/0/threadedExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455800/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455801/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455831/100/0/threadedExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455836/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455906/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/21858
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0032Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0957Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2898Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.wisec.it/vulns.php?page=9Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2007-0017.html
Impacted products
Vendor Product Version
adobe acrobat *
adobe acrobat 7.0
adobe acrobat 7.0
adobe acrobat 7.0.1
adobe acrobat 7.0.1
adobe acrobat 7.0.2
adobe acrobat 7.0.2
adobe acrobat 7.0.3
adobe acrobat 7.0.3
adobe acrobat 7.0.4
adobe acrobat 7.0.4
adobe acrobat 7.0.5
adobe acrobat 7.0.5
adobe acrobat 7.0.6
adobe acrobat 7.0.6
adobe acrobat 7.0.7
adobe acrobat 7.0.7
adobe acrobat 7.0.8
adobe acrobat 7.0.8
adobe acrobat_3d *
adobe acrobat_reader *
adobe acrobat_reader 6.0
adobe acrobat_reader 6.0.1
adobe acrobat_reader 6.0.2
adobe acrobat_reader 6.0.3
adobe acrobat_reader 6.0.4
adobe acrobat_reader 6.0.5
adobe acrobat_reader 7.0
adobe acrobat_reader 7.0.1
adobe acrobat_reader 7.0.2
adobe acrobat_reader 7.0.3
adobe acrobat_reader 7.0.4
adobe acrobat_reader 7.0.5
adobe acrobat_reader 7.0.6
adobe acrobat_reader 7.0.7
adobe acrobat_reader 7.0.8


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:*",
              "matchCriteriaId": "70C786B9-7CEC-474E-B173-F2D9CD78E5B9",
              "versionEndIncluding": "7.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*",
              "matchCriteriaId": "AC8F85CD-8371-4B36-8D6A-8B2CA580631B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*",
              "matchCriteriaId": "C74ECCD2-4E9B-407B-9B14-8A6FB4F768F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*",
              "matchCriteriaId": "FE88C274-CC72-4341-9BF6-1924054A12FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*",
              "matchCriteriaId": "507C02CF-7E81-4131-99DE-63E4EEC45F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*",
              "matchCriteriaId": "3D68FF87-5DCE-4D52-B95A-8ADB6F8C0DA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*",
              "matchCriteriaId": "47EBEF8E-3C53-41D5-B344-297ED7C432F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*",
              "matchCriteriaId": "DC0DF265-984D-462D-878E-612783BF0BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0335D33B-20D8-483F-AB5E-E2517F2F900D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*",
              "matchCriteriaId": "4B066C6A-E3ED-4E7B-BE5E-45CDBF1E8959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.4:*:standard:*:*:*:*:*",
              "matchCriteriaId": "2341215F-97A7-40B6-B618-7FF022C7CFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.5:*:professional:*:*:*:*:*",
              "matchCriteriaId": "D61F0564-59B9-4811-B7FD-BA044C6A94AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.5:*:standard:*:*:*:*:*",
              "matchCriteriaId": "9C9A3E43-7334-44B0-BF01-04BB19B6FE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.6:*:professional:*:*:*:*:*",
              "matchCriteriaId": "D3E43C1B-D76D-4486-AE7A-943D34D0A92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.6:*:standard:*:*:*:*:*",
              "matchCriteriaId": "9F7310F9-CF09-4B83-B6CA-3FE6DBAB6008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.7:*:professional:*:*:*:*:*",
              "matchCriteriaId": "F52F86E7-E845-48A5-9CC4-98E6DAA43C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.7:*:standard:*:*:*:*:*",
              "matchCriteriaId": "32C79CBE-CE27-46B2-BD3C-D56DC62CBB46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.8:*:professional:*:*:*:*:*",
              "matchCriteriaId": "CC9D669B-7E9D-4F39-894A-D9438000F2B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.8:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0D9CA54D-9D60-4064-B6AC-8CED8D064465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA58F87E-2E6D-4837-85C9-0A94BB3D269A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD055652-DA7A-4881-ACD3-9D491821DC73",
              "versionEndIncluding": "7.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B9351C2-16ED-4766-B417-8DB3A8766C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74667860-0047-40AD-9468-860591BA9D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9628AFF9-6EE1-4E85-858F-AE96EE64B7F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2D0266-6954-4DBA-9EEE-8BF73B39DD61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "24262AFA-2EC8-479E-8922-36DB4243E404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E62096-08B2-4722-A492-11E9A441E85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5370AC6-90EE-48EA-8DBD-54002B102F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36D10A8-D211-437D-98D8-9029D0A9CF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA55D00C-3629-48E4-8699-F62B8D703E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "623324C2-C8B5-4C3C-9C10-9677D5A6740A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka \"Universal XSS (UXSS).\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de tipo cross-site-scripting (XSS) en Adobe Acrobat Reader Plugin anterior a versi\u00f3n 8.0.0, y posiblemente el plugin distribuido con Adobe Reader versi\u00f3n 7.x anterior a 7.1.4, versi\u00f3n 8.x anterior a 8.1.7, y versi\u00f3n 9.x anterior a 9.2, para Mozilla Firefox, Microsoft Internet Explorer versi\u00f3n 6 SP1, Google Chrome, Opera versi\u00f3n 8.5.4 build 770 y Opera versi\u00f3n 9.10.8679 en Windows permiten a los atacantes remotos inyectar JavaScript arbitrario y conducir otros ataques por medio de una URL .pdf con un javascript: o  URI res: con los par\u00e1metros (1) FDF, (2) XML y (3) AJAX XFDF, o (4) un identificador de anclaje arbitrariamente llamado name=URI, tambi\u00e9n se conoce como \"Universal XSS (UXSS)\"."
    }
  ],
  "id": "CVE-2007-0045",
  "lastModified": "2024-11-21T00:24:50.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-01-03T21:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23483"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23691"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23812"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23877"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23882"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24457"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24533"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33754"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2090"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017469"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023007"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa07-01.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/advisories/apsa07-02.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.disenchant.ch/blog/hacking-with-browser-plugins/34"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.gnucitizen.org/blog/danger-danger-danger/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnucitizen.org/blog/universal-pdf-xss-after-party"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/815960"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/455790/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455800/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/455831/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455836/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455906/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/21858"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0032"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0957"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2898"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.wisec.it/vulns.php?page=9"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31271"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rhn.redhat.com/errata/RHSA-2007-0017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa07-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/advisories/apsa07-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.disenchant.ch/blog/hacking-with-browser-plugins/34"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.gnucitizen.org/blog/danger-danger-danger/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnucitizen.org/blog/universal-pdf-xss-after-party"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/815960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/455790/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455800/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/455831/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455836/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455906/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.wisec.it/vulns.php?page=9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2007-0017.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-01-03 21:28
Modified
2024-11-21 00:24
Severity ?
Summary
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
References
cve@mitre.orghttp://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
cve@mitre.orghttp://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
cve@mitre.orghttp://secunia.com/advisories/23812
cve@mitre.orghttp://secunia.com/advisories/23882Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/29065Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200701-16.xml
cve@mitre.orghttp://securityreason.com/securityalert/2090Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1017469
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0144.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/455801/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/21858
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0032
cve@mitre.orghttp://www.wisec.it/vulns.php?page=9Exploit, Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/31266
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042
af854a3a-2127-422b-91ae-364da2661108http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
af854a3a-2127-422b-91ae-364da2661108http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23812
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23882Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29065Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200701-16.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2090Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017469
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0144.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455801/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/21858
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0032
af854a3a-2127-422b-91ae-364da2661108http://www.wisec.it/vulns.php?page=9Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/31266
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042
Impacted products
Vendor Product Version
adobe acrobat *
adobe acrobat 7.0
adobe acrobat 7.0
adobe acrobat 7.0.1
adobe acrobat 7.0.1
adobe acrobat 7.0.2
adobe acrobat 7.0.2
adobe acrobat 7.0.3
adobe acrobat 7.0.3
adobe acrobat 7.0.4
adobe acrobat 7.0.4
adobe acrobat 7.0.5
adobe acrobat 7.0.5
adobe acrobat 7.0.6
adobe acrobat 7.0.6
adobe acrobat 7.0.7
adobe acrobat 7.0.7
adobe acrobat 7.0.8
adobe acrobat 7.0.8
adobe acrobat_3d *
adobe acrobat_reader *
adobe acrobat_reader 6.0
adobe acrobat_reader 6.0.1
adobe acrobat_reader 6.0.2
adobe acrobat_reader 6.0.3
adobe acrobat_reader 6.0.4
adobe acrobat_reader 6.0.5
adobe acrobat_reader 7.0
adobe acrobat_reader 7.0.1
adobe acrobat_reader 7.0.2
adobe acrobat_reader 7.0.3
adobe acrobat_reader 7.0.4
adobe acrobat_reader 7.0.5
adobe acrobat_reader 7.0.6
adobe acrobat_reader 7.0.7
adobe acrobat_reader 7.0.8


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:*",
              "matchCriteriaId": "70C786B9-7CEC-474E-B173-F2D9CD78E5B9",
              "versionEndIncluding": "7.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*",
              "matchCriteriaId": "AC8F85CD-8371-4B36-8D6A-8B2CA580631B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*",
              "matchCriteriaId": "C74ECCD2-4E9B-407B-9B14-8A6FB4F768F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*",
              "matchCriteriaId": "FE88C274-CC72-4341-9BF6-1924054A12FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*",
              "matchCriteriaId": "507C02CF-7E81-4131-99DE-63E4EEC45F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*",
              "matchCriteriaId": "3D68FF87-5DCE-4D52-B95A-8ADB6F8C0DA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*",
              "matchCriteriaId": "47EBEF8E-3C53-41D5-B344-297ED7C432F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*",
              "matchCriteriaId": "DC0DF265-984D-462D-878E-612783BF0BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0335D33B-20D8-483F-AB5E-E2517F2F900D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*",
              "matchCriteriaId": "4B066C6A-E3ED-4E7B-BE5E-45CDBF1E8959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.4:*:standard:*:*:*:*:*",
              "matchCriteriaId": "2341215F-97A7-40B6-B618-7FF022C7CFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.5:*:professional:*:*:*:*:*",
              "matchCriteriaId": "D61F0564-59B9-4811-B7FD-BA044C6A94AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.5:*:standard:*:*:*:*:*",
              "matchCriteriaId": "9C9A3E43-7334-44B0-BF01-04BB19B6FE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.6:*:professional:*:*:*:*:*",
              "matchCriteriaId": "D3E43C1B-D76D-4486-AE7A-943D34D0A92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.6:*:standard:*:*:*:*:*",
              "matchCriteriaId": "9F7310F9-CF09-4B83-B6CA-3FE6DBAB6008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.7:*:professional:*:*:*:*:*",
              "matchCriteriaId": "F52F86E7-E845-48A5-9CC4-98E6DAA43C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.7:*:standard:*:*:*:*:*",
              "matchCriteriaId": "32C79CBE-CE27-46B2-BD3C-D56DC62CBB46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.8:*:professional:*:*:*:*:*",
              "matchCriteriaId": "CC9D669B-7E9D-4F39-894A-D9438000F2B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.8:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0D9CA54D-9D60-4064-B6AC-8CED8D064465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA58F87E-2E6D-4837-85C9-0A94BB3D269A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD055652-DA7A-4881-ACD3-9D491821DC73",
              "versionEndIncluding": "7.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B9351C2-16ED-4766-B417-8DB3A8766C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74667860-0047-40AD-9468-860591BA9D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9628AFF9-6EE1-4E85-858F-AE96EE64B7F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2D0266-6954-4DBA-9EEE-8BF73B39DD61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "24262AFA-2EC8-479E-8922-36DB4243E404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E62096-08B2-4722-A492-11E9A441E85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5370AC6-90EE-48EA-8DBD-54002B102F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36D10A8-D211-437D-98D8-9029D0A9CF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA55D00C-3629-48E4-8699-F62B8D703E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "623324C2-C8B5-4C3C-9C10-9677D5A6740A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka \"Universal CSRF and session riding.\""
    },
    {
      "lang": "es",
      "value": "Adobe Acrobat Reader Plugin anterior a la versi\u00f3n 8.0.0 para los navegadores Firefox, Internet Explorer y Opera permite a atacantes remotos forzar al navegador a realizar una petici\u00f3n no autorizada a otros sitios web a trav\u00e9s de una mediante una URL en los par\u00e1metros de petici\u00f3n (1) FDF, (2) xml y (3) xfdf AJAX, seguidos del car\u00e1cter # (almohadilla), tambi\u00e9n conocido como \"Universal CSRF and session riding\"."
    }
  ],
  "id": "CVE-2007-0044",
  "lastModified": "2024-11-21T00:24:50.083",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-01-03T21:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23812"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23882"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29065"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securityreason.com/securityalert/2090"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017469"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0144.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/21858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0032"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.wisec.it/vulns.php?page=9"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31266"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securityreason.com/securityalert/2090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0144.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.wisec.it/vulns.php?page=9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}