Lucene search

K
cveMitreCVE-2007-0044
HistoryJan 03, 2007 - 9:28 p.m.

CVE-2007-0044

2007-01-0321:28:00
CWE-352
mitre
web.nvd.nist.gov
44
adobe
acrobat reader
plugin
security vulnerability
csrf
session riding
remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.929

Percentile

99.0%

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka “Universal CSRF and session riding.”

Affected configurations

Nvd
Node
adobeacrobatRange7.0.8elements
OR
adobeacrobatMatch7.0professional
OR
adobeacrobatMatch7.0standard
OR
adobeacrobatMatch7.0.1professional
OR
adobeacrobatMatch7.0.1standard
OR
adobeacrobatMatch7.0.2professional
OR
adobeacrobatMatch7.0.2standard
OR
adobeacrobatMatch7.0.3professional
OR
adobeacrobatMatch7.0.3standard
OR
adobeacrobatMatch7.0.4professional
OR
adobeacrobatMatch7.0.4standard
OR
adobeacrobatMatch7.0.5professional
OR
adobeacrobatMatch7.0.5standard
OR
adobeacrobatMatch7.0.6professional
OR
adobeacrobatMatch7.0.6standard
OR
adobeacrobatMatch7.0.7professional
OR
adobeacrobatMatch7.0.7standard
OR
adobeacrobatMatch7.0.8professional
OR
adobeacrobatMatch7.0.8standard
OR
adobeacrobat_3d
OR
adobeacrobat_readerRange7.0.8
OR
adobeacrobat_readerMatch6.0
OR
adobeacrobat_readerMatch6.0.1
OR
adobeacrobat_readerMatch6.0.2
OR
adobeacrobat_readerMatch6.0.3
OR
adobeacrobat_readerMatch6.0.4
OR
adobeacrobat_readerMatch6.0.5
OR
adobeacrobat_readerMatch7.0
OR
adobeacrobat_readerMatch7.0.1
OR
adobeacrobat_readerMatch7.0.2
OR
adobeacrobat_readerMatch7.0.3
OR
adobeacrobat_readerMatch7.0.4
OR
adobeacrobat_readerMatch7.0.5
OR
adobeacrobat_readerMatch7.0.6
OR
adobeacrobat_readerMatch7.0.7
OR
adobeacrobat_readerMatch7.0.8
VendorProductVersionCPE
adobeacrobat*cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:*
adobeacrobat7.0cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*
adobeacrobat7.0cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*
adobeacrobat7.0.1cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*
adobeacrobat7.0.1cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*
adobeacrobat7.0.2cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*
adobeacrobat7.0.2cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*
adobeacrobat7.0.3cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*
adobeacrobat7.0.3cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*
adobeacrobat7.0.4cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*
Rows per page:
1-10 of 361

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.929

Percentile

99.0%