CVE-2007-0044
Summary
| CVE | CVE-2007-0044 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-01-03 21:28:00 UTC |
| Updated | 2018-10-16 16:30:00 UTC |
| Description | Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Adobe | Acrobat | 7.0 | All | professional | All |
| Application | Adobe | Acrobat | 7.0 | All | standard | All |
| Application | Adobe | Acrobat | 7.0.1 | All | professional | All |
| Application | Adobe | Acrobat | 7.0.1 | All | standard | All |
| Application | Adobe | Acrobat | 7.0.2 | All | professional | All |
| Application | Adobe | Acrobat | 7.0.2 | All | standard | All |
| Application | Adobe | Acrobat | 7.0.3 | All | professional | All |
| Application | Adobe | Acrobat | 7.0.3 | All | standard | All |
| Application | Adobe | Acrobat | 7.0.4 | All | professional | All |
| Application | Adobe | Acrobat | 7.0.4 | All | standard | All |
| Application | Adobe | Acrobat | 7.0.5 | All | professional | All |
| Application | Adobe | Acrobat | 7.0.5 | All | standard | All |
| Application | Adobe | Acrobat | 7.0.6 | All | professional | All |
| Application | Adobe | Acrobat | 7.0.6 | All | standard | All |
| Application | Adobe | Acrobat | 7.0.7 | All | professional | All |
| Application | Adobe | Acrobat | 7.0.7 | All | standard | All |
| Application | Adobe | Acrobat | 7.0.8 | All | professional | All |
| Application | Adobe | Acrobat | 7.0.8 | All | standard | All |
| Application | Adobe | Acrobat | All | All | elements | All |
| Application | Adobe | Acrobat 3d | All | All | All | All |
| Application | Adobe | Acrobat Reader | 6.0 | All | All | All |
| Application | Adobe | Acrobat Reader | 6.0.1 | All | All | All |
| Application | Adobe | Acrobat Reader | 6.0.2 | All | All | All |
| Application | Adobe | Acrobat Reader | 6.0.3 | All | All | All |
| Application | Adobe | Acrobat Reader | 6.0.4 | All | All | All |
| Application | Adobe | Acrobat Reader | 6.0.5 | All | All | All |
| Application | Adobe | Acrobat Reader | 7.0 | All | All | All |
| Application | Adobe | Acrobat Reader | 7.0.1 | All | All | All |
| Application | Adobe | Acrobat Reader | 7.0.2 | All | All | All |
| Application | Adobe | Acrobat Reader | 7.0.3 | All | All | All |
| Application | Adobe | Acrobat Reader | 7.0.4 | All | All | All |
| Application | Adobe | Acrobat Reader | 7.0.5 | All | All | All |
| Application | Adobe | Acrobat Reader | 7.0.6 | All | All | All |
| Application | Adobe | Acrobat Reader | 7.0.7 | All | All | All |
| Application | Adobe | Acrobat Reader | 7.0.8 | All | All | All |
| Application | Adobe | Acrobat Reader | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Wisec - The WIse SECurity | MISC | www.wisec.it | Exploit, Patch |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Adobe Acrobat Reader: Multiple vulnerabilities — Gentoo Linux Documentation | GENTOO | security.gentoo.org | |
| SecurityReason - Adobe Acrobat Reader Plugin - Multiple Vulnerabilities | SREASON | securityreason.com | Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability | BID | www.securityfocus.com | |
| SUSE update for acroread - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| rhn.redhat.com \| Red Hat Support | REDHAT | www.redhat.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Gentoo update for acroread - Advisories - Secunia | SECUNIA | secunia.com | |
| Red Hat update for acroread - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| SecurityTracker.com Archives - Adobe Acrobat Reader Plugin Bugs Let Remote Users Deny Service, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code | SECTRACK | securitytracker.com | |
| events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf | MISC | events.ccc.de | |
| SuSE Security announcements: [suse-security-announce] SUSE Security Announcement: Acrobat Reader 7.0.9 (SUSE-SA:2007:011) | SUSE | lists.suse.com | |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.