CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence: Low
EPSS
Percentile: 99.0%
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka “Universal CSRF and session riding.”
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | acrobat | * | cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:* |
adobe | acrobat | 7.0 | cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:* |
adobe | acrobat | 7.0 | cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:* |
adobe | acrobat | 7.0.1 | cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:* |
adobe | acrobat | 7.0.1 | cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:* |
adobe | acrobat | 7.0.2 | cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:* |
adobe | acrobat | 7.0.2 | cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:* |
adobe | acrobat | 7.0.3 | cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:* |
adobe | acrobat | 7.0.3 | cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:* |
adobe | acrobat | 7.0.4 | cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:* |
events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
secunia.com/advisories/23812
secunia.com/advisories/23882
secunia.com/advisories/29065
security.gentoo.org/glsa/glsa-200701-16.xml
securityreason.com/securityalert/2090
securitytracker.com/id?1017469
www.redhat.com/support/errata/RHSA-2008-0144.html
www.securityfocus.com/archive/1/455801/100/0/threaded
www.securityfocus.com/bid/21858
www.vupen.com/english/advisories/2007/0032
www.wisec.it/vulns.php?page=9
exchange.xforce.ibmcloud.com/vulnerabilities/31266
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042