
CVE-2007-0045

 

  • Severity Score (CVSS v2): 4.3
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 5
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2007-01-03 CVE Reserved
  • 2007-01-03 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-09-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (46)
URL Tag Source
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf X_refsource_misc
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html X_refsource_confirm
http://securityreason.com/securityalert/2090 Third Party Advisory
http://securitytracker.com/id?1017469 Vdb Entry
http://securitytracker.com/id?1023007 Vdb Entry
http://www.adobe.com/support/security/advisories/apsa07-02.html X_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb07-01.html X_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb09-15.html X_refsource_confirm
http://www.gnucitizen.org/blog/universal-pdf-xss-after-party X_refsource_misc
http://www.kb.cert.org/vuls/id/815960 Third Party Advisory
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html X_refsource_confirm
http://www.securityfocus.com/archive/1/455800/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/455801/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/455836/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/455906/100/0/threaded Mailing List
http://www.securityfocus.com/bid/21858 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA09-286B.html Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31271 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693 Signature
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Adobe | Acrobat | <= 7.0.8 | elements | Affected |
| Adobe | Acrobat | 7.0 | professional | Affected |
| Adobe | Acrobat | 7.0 | standard | Affected |
| Adobe | Acrobat | 7.0.1 | professional | Affected |
| Adobe | Acrobat | 7.0.1 | standard | Affected |
| Adobe | Acrobat | 7.0.2 | professional | Affected |
| Adobe | Acrobat | 7.0.2 | standard | Affected |
| Adobe | Acrobat | 7.0.3 | professional | Affected |
| Adobe | Acrobat | 7.0.3 | standard | Affected |
| Adobe | Acrobat | 7.0.4 | professional | Affected |
| Adobe | Acrobat | 7.0.4 | standard | Affected |
| Adobe | Acrobat | 7.0.5 | professional | Affected |
| Adobe | Acrobat | 7.0.5 | standard | Affected |
| Adobe | Acrobat | 7.0.6 | professional | Affected |
| Adobe | Acrobat | 7.0.6 | standard | Affected |
| Adobe | Acrobat | 7.0.7 | professional | Affected |
| Adobe | Acrobat | 7.0.7 | standard | Affected |
| Adobe | Acrobat | 7.0.8 | professional | Affected |
| Adobe | Acrobat | 7.0.8 | standard | Affected |
| Adobe | Acrobat 3d | * | - | Affected |
| Adobe | Acrobat Reader | <= 7.0.8 | - | Affected |
| Adobe | Acrobat Reader | 6.0 | - | Affected |
| Adobe | Acrobat Reader | 6.0.1 | - | Affected |
| Adobe | Acrobat Reader | 6.0.2 | - | Affected |
| Adobe | Acrobat Reader | 6.0.3 | - | Affected |
| Adobe | Acrobat Reader | 6.0.4 | - | Affected |
| Adobe | Acrobat Reader | 6.0.5 | - | Affected |
| Adobe | Acrobat Reader | 7.0 | - | Affected |
| Adobe | Acrobat Reader | 7.0.1 | - | Affected |
| Adobe | Acrobat Reader | 7.0.2 | - | Affected |
| Adobe | Acrobat Reader | 7.0.3 | - | Affected |
| Adobe | Acrobat Reader | 7.0.4 | - | Affected |
| Adobe | Acrobat Reader | 7.0.5 | - | Affected |
| Adobe | Acrobat Reader | 7.0.6 | - | Affected |
| Adobe | Acrobat Reader | 7.0.7 | - | Affected |
| Adobe | Acrobat Reader | 7.0.8 | - | Affected |