// For flags

CVE-2007-0046

Adobe Acrobat Reader Plugin 7.0.x - 'acroreader' Cross-Site Scripting

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

Doble vulnerabilidad en el Adobe Acrobat Reader Plugin anterior al 8.0.0, como el utilizado en el Mozilla Firefox 1.5.0.7, permite a atacantes remotos ejecutar código de su elección provocando un error mediante un javascript: la URI llama al document.write en los parámetros de petición (1) FDF, (2) XML o (3) XFDF AJAX.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-01-03 CVE Reserved
  • 2007-01-03 CVE Published
  • 2007-01-05 First Exploit
  • 2023-09-30 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (23)
URL Tag Source
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf X_refsource_misc
http://secunia.com/advisories/23691 Third Party Advisory
http://secunia.com/advisories/23812 Third Party Advisory
http://secunia.com/advisories/23877 Third Party Advisory
http://secunia.com/advisories/23882 Third Party Advisory
http://secunia.com/advisories/24533 Third Party Advisory
http://securityreason.com/securityalert/2090 Third Party Advisory
http://securitytracker.com/id?1017469 Vdb Entry
http://www.adobe.com/support/security/bulletins/apsb07-01.html X_refsource_confirm
http://www.securityfocus.com/archive/1/455801/100/0/threaded Mailing List
http://www.vupen.com/english/advisories/2007/0032 Vdb Entry
http://www.vupen.com/english/advisories/2007/0957 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/31272 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9684 Signature
URL Date SRC
https://www.exploit-db.com/exploits/3084 2007-01-05
http://www.wisec.it/vulns.php?page=9 2024-08-07
URL Date SRC
URL Date SRC
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html 2018-10-16
http://security.gentoo.org/glsa/glsa-200701-16.xml 2018-10-16
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0021.html 2018-10-16
https://rhn.redhat.com/errata/RHSA-2007-0017.html 2018-10-16
https://access.redhat.com/security/cve/CVE-2007-0046 2007-01-22
https://bugzilla.redhat.com/show_bug.cgi?id=1618262 2007-01-22
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
 Acrobat Reader
Search vendor "Adobe" for product "Acrobat Reader"
 <= 7.0.8
Search vendor "Adobe" for product "Acrobat Reader" and version " <= 7.0.8"
-
Affected