CVE-2007-0044

high

Description

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042

https://exchange.xforce.ibmcloud.com/vulnerabilities/31266

http://www.vupen.com/english/advisories/2007/0032

http://www.securityfocus.com/bid/21858

http://www.securityfocus.com/archive/1/455801/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2008-0144.html

http://securitytracker.com/id?1017469

http://securityreason.com/securityalert/2090

http://security.gentoo.org/glsa/glsa-200701-16.xml

http://secunia.com/advisories/29065

http://secunia.com/advisories/23882

http://secunia.com/advisories/23812

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf

Details

Source: Mitre, NVD

Published: 2007-01-03

Updated: 2018-10-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High