CVE-2007-0044
Adobe Reader 9.1.3 Plugin - Cross-Site Scripting
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
Adobe Acrobat Reader Plugin anterior a la versión 8.0.0 para los navegadores Firefox, Internet Explorer y Opera permite a atacantes remotos forzar al navegador a realizar una petición no autorizada a otros sitios web a través de una mediante una URL en los parámetros de petición (1) FDF, (2) xml y (3) xfdf AJAX, seguidos del carácter # (almohadilla), también conocido como "Universal CSRF and session riding".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-01-03 CVE Reserved
- 2007-01-03 CVE Published
- 2007-01-03 First Exploit
- 2024-08-07 CVE Updated
- 2024-11-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (18)
| URL | Tag | Source |
|---|---|---|
| http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf | X_refsource_misc | |
| http://secunia.com/advisories/23812 | Third Party Advisory | |
| http://securitytracker.com/id?1017469 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/455801/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/21858 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/0032 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31266 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/29383 | 2007-01-03 | |
| http://www.wisec.it/vulns.php?page=9 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html | 2018-10-16 | |
| http://secunia.com/advisories/23882 | 2018-10-16 | |
| http://secunia.com/advisories/29065 | 2018-10-16 | |
| http://security.gentoo.org/glsa/glsa-200701-16.xml | 2018-10-16 | |
| http://securityreason.com/securityalert/2090 | 2018-10-16 | |
| http://www.redhat.com/support/errata/RHSA-2008-0144.html | 2018-10-16 | |
| https://access.redhat.com/security/cve/CVE-2007-0044 | 2008-02-22 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=223113 | 2008-02-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | <= 7.0.8 Search vendor "Adobe" for product "Acrobat" and version " <= 7.0.8" | elements |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0 Search vendor "Adobe" for product "Acrobat" and version "7.0" | professional |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0 Search vendor "Adobe" for product "Acrobat" and version "7.0" | standard |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.1 Search vendor "Adobe" for product "Acrobat" and version "7.0.1" | professional |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.1 Search vendor "Adobe" for product "Acrobat" and version "7.0.1" | standard |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.2 Search vendor "Adobe" for product "Acrobat" and version "7.0.2" | professional |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.2 Search vendor "Adobe" for product "Acrobat" and version "7.0.2" | standard |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.3 Search vendor "Adobe" for product "Acrobat" and version "7.0.3" | professional |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.3 Search vendor "Adobe" for product "Acrobat" and version "7.0.3" | standard |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.4 Search vendor "Adobe" for product "Acrobat" and version "7.0.4" | professional |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.4 Search vendor "Adobe" for product "Acrobat" and version "7.0.4" | standard |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.5 Search vendor "Adobe" for product "Acrobat" and version "7.0.5" | professional |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.5 Search vendor "Adobe" for product "Acrobat" and version "7.0.5" | standard |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.6 Search vendor "Adobe" for product "Acrobat" and version "7.0.6" | professional |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.6 Search vendor "Adobe" for product "Acrobat" and version "7.0.6" | standard |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.7 Search vendor "Adobe" for product "Acrobat" and version "7.0.7" | professional |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.7 Search vendor "Adobe" for product "Acrobat" and version "7.0.7" | standard |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.8 Search vendor "Adobe" for product "Acrobat" and version "7.0.8" | professional |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Search vendor "Adobe" for product "Acrobat" | 7.0.8 Search vendor "Adobe" for product "Acrobat" and version "7.0.8" | standard |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat 3d Search vendor "Adobe" for product "Acrobat 3d" | * | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | <= 7.0.8 Search vendor "Adobe" for product "Acrobat Reader" and version " <= 7.0.8" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 6.0 Search vendor "Adobe" for product "Acrobat Reader" and version "6.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 6.0.1 Search vendor "Adobe" for product "Acrobat Reader" and version "6.0.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 6.0.2 Search vendor "Adobe" for product "Acrobat Reader" and version "6.0.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 6.0.3 Search vendor "Adobe" for product "Acrobat Reader" and version "6.0.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 6.0.4 Search vendor "Adobe" for product "Acrobat Reader" and version "6.0.4" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 6.0.5 Search vendor "Adobe" for product "Acrobat Reader" and version "6.0.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.1 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.1" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.2 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.3 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.4 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.4" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.5 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.5" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.6 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.6" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.7 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.7" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader" | 7.0.8 Search vendor "Adobe" for product "Acrobat Reader" and version "7.0.8" | - |
Affected
| ||||||