CVE-2007-0048

medium

Description

Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348

https://exchange.xforce.ibmcloud.com/vulnerabilities/31273

http://www.vupen.com/english/advisories/2009/2898

http://www.vupen.com/english/advisories/2007/0032

http://www.us-cert.gov/cas/techalerts/TA09-286B.html

http://www.securityfocus.com/archive/1/455801/100/0/threaded

http://www.adobe.com/support/security/bulletins/apsb09-15.html

http://www.adobe.com/support/security/bulletins/apsb07-01.html

http://securitytracker.com/id?1023007

http://securitytracker.com/id?1017469

http://securityreason.com/securityalert/2090

http://security.gentoo.org/glsa/glsa-200701-16.xml

http://secunia.com/advisories/33754

http://secunia.com/advisories/23882

http://secunia.com/advisories/23812

http://osvdb.org/31596

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html

http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf

Details

Source: Mitre, NVD

Published: 2007-01-03

Updated: 2018-10-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: Medium